- Makina Finance saw 1,299 ETH (~$4.13M) move via a Uniswap V3 swap of 4.24M USDC, confirmed in block 24,273,362 at 03:40:35 UTC on Jan 20, 2026.
- On-chain data indicates a MEV builder front-ran the exploiter; funds remain in two wallets (~$3.3M and ~$880K) with no bridging, mixing, or exchange activity.
- The flow used WETH and a single transaction without splits; users are revoking approvals while the team has not shared an update on impact or recovery.
Makina Finance faced an on-chain exploit early Tuesday that resulted in about $4.13 million in Ethereum leaving the protocol’s path in a single sequence of transactions. On-chain data reviewed by PeckShield shows the attacker withdrew 1,299 ETH and moved it out in one transaction. The flow then took an unusual turn, because a MEV builder front-ran the exploiter during execution and appears to have captured the ETH before the original attacker could secure it.
Makina Finance exploit drains 1,299 ETH as on-chain trail points to MEV interception
The incident centered on a withdrawal of 1,299 ETH, valued at roughly $4.13 million at the time of the exploit. PeckShield tied the loss to a single-transaction move, which made the event easy to spot in on-chain monitoring feeds. The key detail came from how the funds moved immediately after the ETH landed. The attacker did not get time to manage the proceeds in a typical post-exploit pattern, such as splitting across fresh wallets or routing through bridges. Instead, the on-chain flow showed a front-run at the block-building stage, where a party linked to MEV infrastructure acted faster than the exploiter. PeckShield described the dynamic as a classic sandwich or front-running maneuver. A specialized bot monitored the mempool, detected the exploiter’s pending transaction, and replayed the same action with a higher gas fee. That replacement let the bot take the “bounty” that the original hacker aimed to collect. In this case, the bot did not simply compete on execution priority; it effectively displaced the exploiter’s outcome and redirected value as the transaction settled. The result left two main wallet destinations visible on-chain, with one address holding about $3.3 million and another holding roughly $880,000, based on balances at the time those wallets were checked.
Makina Finance Uniswap V3 swap involved 4.24 million USDC and Ethereum block 24,273,362
The exploit path ran through a large swap on Uniswap V3, where around 4.24 million USDC was exchanged for 1,299.18 ETH. The ETH amount matched the reported stolen figure and priced to about $4.13 million during the event. The transaction confirmed on Ethereum block 24,273,362 at 03:40:35 UTC on January 20, 2026. The swap completed without errors, which drew attention because the move was large yet cleanly executed. The gas fee came in at just over $0.50, which suggested careful construction rather than a rushed attempt that overpaid for inclusion. On-chain records showed a multi-protocol route before final settlement. Activity appeared across Curve and Aave, and the total USDC passing through the related transactions exceeded $5.1 million. Part of the path moved through Curve’s DAI and 3Crv pools, then returned toward Uniswap for settlement. That routing pattern mattered because it showed the swap did not rely on a single pool’s liquidity and instead moved through connected venues to complete the conversion. It also left a longer on-chain footprint, which made it easier for trackers to map the sequence and flag where value shifted.
MEV builder linked address 0xa6c2 receives ETH right after the swap completes
Soon after the ETH arrived in the attacker-controlled wallet, nearly the entire amount moved again to an address linked to a MEV builder, identified as 0xa6c2…. The timing stood out because the transfer happened right after the swap completed, which aligned with block-building level intervention rather than a standard follow-up transfer by the same exploiter. On-chain data showed the ETH moved onward again before the attacker could route it elsewhere, reinforcing the MEV capture pattern. The flow suggested the builder or an affiliated searcher observed the pending transaction, then inserted a competing version that secured priority. The funds originated from Wrapped Ether and moved in a single transaction without splitting or delay. That clean movement reduced the chance that the exploiter attempted a slow obfuscation step during the initial phase. After the transfer to the MEV-linked address, the trail showed no bridging, mixing, or exchange deposits. Two wallet addresses still held the funds at last observation, and neither showed signs of active peeling or timed dispersal. The lack of further movement left open questions about intent and control, since the outcome looked less like a standard theft-and-launder flow and more like a race that ended with the MEV side holding the assets.
Makina Finance user risk questions persist as team stays silent after $4.13 million loss
It remains unclear whether the stolen value came from user liquidity providers or from Makina Finance treasury-controlled funds. That uncertainty matters for users who interacted with the contracts tied to the exploit route, since approvals can remain open even after funds leave. Users have been advised to revoke token approvals linked to Makina Finance contracts using tools such as Revoke.cash, especially if they granted broad allowances for tokens used in swaps or liquidity actions. The on-chain record also showed no signs of error during execution, which suggests the exploit used valid calls that still produced an unintended result for the protocol’s accounting or access controls. Makina Finance has not issued a public statement about the exploit. The team has not acknowledged the incident on social media and has not clarified whether user funds took the hit or whether recovery actions have started. That silence has drawn attention because the event unfolded quickly, involved 1,299.18 ETH worth about $4.13 million, and showed a clear MEV interception trail. Until the team confirms the scope, users and liquidity providers remain focused on approval hygiene and transaction monitoring, while on-chain analysts continue to watch the two wallets holding about $3.3 million and roughly $880,000 for any movement.
Conclusion
Makina Finance saw about $4.13 million in ETH leave through a 1,299 ETH exploit tied to a large Uniswap V3 swap involving around 4.24 million USDC. The transaction confirmed at 03:40:35 UTC on January 20, 2026 in Ethereum block 24,273,362 and used a gas fee just over $0.50. PeckShield’s review pointed to a MEV builder front-running the exploiter, with funds traced to two wallets holding about $3.3 million and roughly $880,000. Makina Finance has not yet commented publicly, while users focus on revoking approvals and tracking on-chain wallet activity.
Disclaimer
The information provided in this article is for informational purposes only and should not be considered financial advice. The article does not offer sufficient information to make investment decisions, nor does it constitute an offer, recommendation, or solicitation to buy or sell any financial instrument. The content is opinion of the author and does not reflect any view or suggestion or any kind of advise from CryptoNewsBytes.com. The author declares he does not hold any of the above mentioned tokens or received any incentive from any company.
Featured image created by AI
