|
Getting your Trinity Audio player ready...
|
- Makina Finance lost $4.13M in Ethereum via a Uniswap V3 swap exploit.
- An MEV bot front-ran the attacker, capturing nearly all stolen funds.
- ETH remains in two wallets, untouched, while Makina Finance has yet to respond.
Makina Finance, a decentralized finance (DeFi) protocol, was targeted in a sophisticated exploit early Tuesday, resulting in the theft of approximately $4.13 million in Ethereum. Blockchain security firm PeckShield confirmed the funds were moved in a single transaction, highlighting both the speed and precision of the attack.
The incident centers around a large swap on Uniswap V3, where roughly 4.24 million USDC was exchanged for 1,299 ETH. Despite the transaction’s size, it executed without errors, incurring a negligible gas fee of just over $0.50. On-chain analysis shows the assets flowed through several DeFi platforms, including Curve and Aave, before reaching two wallets holding $3.3 million and $880,000, respectively.
MEV Front-Running Alters the Outcome
The exploit was further complicated by activity from a Miner Extractable Value (MEV) builder. PeckShield’s investigation revealed that the attacker’s transaction was front-run by a specialized bot. In a classic ‘sandwich’ maneuver, the MEV bot detected the pending swap in the Ethereum mempool and effectively intercepted the ETH before the hacker could fully secure it.
“This pattern is increasingly common in large-scale on-chain exploits,” PeckShield noted, as the MEV builder captured nearly all the funds immediately after the swap, preventing the attacker from moving them further. On-chain records indicate the ETH has remained in these two wallets with no signs of bridging, mixing, or exchange deposits.
Swap Mechanics and Liquidity Flow
The stolen ETH moved through complex liquidity channels, including Curve’s DAI and 3Crv pools, with over $5.1 million in USDC passing through the system. The seamless execution of the swap, combined with the rapid front-running, underscores the sophistication of both the exploit and the MEV capture.
It remains unclear whether the stolen funds belonged to the protocol treasury or to user liquidity providers. Security experts are urging users to immediately revoke token approvals for Makina contracts through tools like Revoke.cash to prevent further risks.
Makina Finance Yet to Respond
At the time of reporting, Makina Finance has not issued any public statement regarding the exploit. The team has not confirmed whether user funds were affected or outlined recovery measures, drawing attention to the size and swiftness of the incident.
As of now, the stolen ETH sits untouched in two wallets, making the situation a focal point for DeFi security analysts. The incident highlights the growing interplay between DeFi vulnerabilities and MEV activity, emphasizing the need for enhanced monitoring and protective measures.
This story is developing, and updates are expected as more information becomes available.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.
I’m your translator between the financial Old World and the new frontier of crypto. After a career demystifying economics and markets, I enjoy elucidating crypto – from investment risks to earth-shaking potential. Let’s explore!
