MakinaFi, a non-custodial decentralized finance (DeFi) execution platform, has suffered a major security breach resulting in the theft of approximately 1,299 ETH, valued at around $4.13 to $4.2 million. The exploit, which occurred on January 20, 2026, specifically targeted the protocol's DUSD/USDC CurveStable pool, draining it of funds.
Blockchain security firm PeckShieldAlert first disclosed the incident via a post on X, providing detailed on-chain analysis. According to their investigation, the attacker converted the stolen tokens into Ethereum (ETH) for higher liquidity before routing the funds. A notable aspect of the attack was the use of a Maximal Extractable Value (MEV) builder address (0xa6c2…) to process transactions, a technique that helps obscure the transaction trail and complicates tracking due to blurred patterns.
The stolen ETH was subsequently split into two primary Ethereum addresses. One address, labeled 0xbed2…dE25, currently holds about 1,023 ETH (worth roughly $3.3 million). The second address, 0xE573…f905 (also referenced as 0x573d…910e), contains approximately 276 ETH (valued near $880,000). PeckShieldAlert noted that some transactions were preemptively processed by the MEV builder, indicating the exploit involved time-sensitive execution and transaction ordering advantages.
As of the latest reports, the stolen funds remain in these two wallets, with no evidence yet of transfers to cryptocurrency mixers or centralized exchanges. Market participants and investigators are actively monitoring the addresses for any consolidation or movement of the assets.
At the time of writing, MakinaFi has not issued any official statement, detailed technical breakdown, or mitigation update regarding the exploit. The lack of communication from the project team has heightened uncertainty among users, with no confirmation available on the extent of user impact, potential recovery efforts, or planned security fixes.
