Makina Finance lost 1,299 ETH, roughly $4.13 million, in a flash-loan and oracle manipulation exploit.
The attacker drained the protocol’s funds and broadcast the transaction to Ethereum’s public mempool, where it should have been picked up by validators and included in the next block.
Instead, an MEV builder identified by the address 0xa6c2 front-ran the draining transaction, redirecting most of the funds into builder-controlled custody before the hacker could move them off-chain.
The hacker’s transaction failed. The funds landed in two addresses associated with the MEV builder.The immediate takeaway is that Makina’s users avoided a total loss. The deeper signal is who ended up holding the money and what that means for crypto’s emerging emergency-response architecture.
The most important actor in this story isn’t the attacker or the protocol, but the block-building supply chain that intercepted the exploit and now controls whether users get their funds back, under what terms, and how quickly.
MEV bots and builders are becoming crypto’s last line of defense, not by design but by structural position. That’s a problem, because rescue capacity is concentrated in the hands of profit-maximizing intermediaries operating with unclear accountability.
MEV as a backstop is already a pattern
The Makina incident isn’t a one-off. Chainalysis documented a similar dynamic during the 2023 Curve and Vyper exploit, noting that white hat hackers and MEV bot operators helped recover funds, which reduced realized losses below initial estimates.
The pattern is mechanical: as long as exploits or rescue attempts are visible in public transaction channels, sophisticated searchers and builders can compete to reorder transactions.
Sometimes they save funds. Sometimes they capture them. Either way, they’re acting as a de facto emergency-response layer.
When an exploit transaction enters the public mempool, MEV searchers monitor for profitable opportunities. If a hacker drains a protocol and broadcasts the transaction publicly, a searcher can construct a competing transaction that executes first, redirecting the funds to a different address.
The searcher bundles the transaction and submits it to a block builder, who includes it if the profit exceeds competing bids. If the builder’s block gets chosen by a validator, the searcher’s transaction executes, and the hacker’s transaction fails.
This is profit extraction with a beneficial side effect rather than pure altruism. But it’s also the most reliable mechanism crypto has developed for intercepting exploits in real time, because it operates at the transaction-ordering layer rather than relying on protocol-level circuit breakers or governance intervention.
Why dependence on MEV builders is uncomfortable
The problem with MEV-based rescues is that they concentrate emergency-response capacity in a highly intermediated pipeline.
On Ethereum, MEV-Boost dominates block production. Rated’s relay landscape shows roughly 93.5% of recent blocks routed via MEV-Boost, compared to roughly 6% using vanilla block production.
Within MEV-Boost, Relay market share is further concentrated: Ultra Sound Money accounts for roughly 29.84% of relay traffic, and Titan accounts for roughly 24.24%, meaning the two largest relays together handle over 54% of block production.
If most blocks flow through MEV-Boost and most MEV-Boost traffic flows through two relays, the rescue layer is structurally dependent on a small set of intermediaries. That creates governance problems fast.
If a builder ends up holding rescued funds, who authorizes custody? Who sets the bounty? What prevents extortion or ransom demands? What if the builder is offshore, anonymous, or operating in a jurisdiction with weak enforcement?
The Makina case illustrates the problem. The funds are in the builder’s custody, but there’s no public SLA, predefined bounty, or clear mechanism for returning the funds to Makina or its users.
The builder could return the funds voluntarily, negotiate a bounty, demand a higher fee than industry norms, or refuse to return the funds at all.
Private routing makes the problem worse.
A 2025 academic paper titled “Sandwiched and Silent” documented widespread private routing of transactions and found that many victims migrate toward private channels after being sandwiched by MEV bots.
However, private routing doesn’t eliminate MEV, it just shifts it from public mempools to private order flow channels controlled by builders and relays.
For protocols, that means public mempool rescues become less reliable because exploit transactions increasingly route through private channels accessible only to a subset of builders.
An attempt to civilize chaos
Safe Harbor is a framework developed by SEAL that seeks to replace the “MEV builder as accidental custodian” model with authorized responders, explicit SLAs, and bounded incentives.
SEAL describes Safe Harbor as a legal and technical framework that lets protocols pre-authorize white hats to intervene during active exploits.
The core operational rule is that rescued funds must be sent to official recovery addresses within 72 hours, with pre-defined, enforceable bounties.
SEAL says Safe Harbor was motivated by the Nomad hack, where white hats were willing to help but constrained by legal ambiguity about whether returning funds could be prosecuted as unauthorized computer access.
Safe Harbor removes that ambiguity by giving protocols a way to pre-authorize intervention and set clear terms. SEAL claims Safe Harbor is already protecting over $16 billion across major protocols, including Uniswap, Pendle, PancakeSwap, Balancer, and zkSync.
Immunefi, the bug bounty platform, has operationalized Safe Harbor with stricter terms.
Immunefi describes Safe Harbor as a SEAL-developed framework that redirects funds to a protocol-controlled vault on Immunefi’s platform. On Immunefi’s Safe Harbor program page, the terms state: “You have 6 hours to transfer funds back.”
Failure to meet the six-hour window is a material breach. That’s four times faster than SEAL’s baseline 72-hour requirement.
Safe Harbor doesn’t eliminate the dependence on MEV infrastructure. Instead, it just tries to formalize it.
If a builder front-runs an exploit and the protocol has adopted Safe Harbor, the builder is expected to recognize the intervention as authorized and route the funds to the protocol’s designated recovery address within the SLA.
But that assumes builders monitor Safe Harbor registries, respect the terms, and prioritize compliance over profit.
Scenario range
The expected user recovery rate in an exploit can be modeled as: expected recovery equals the probability of intervention, multiplied by one minus the bounty percentage, multiplied by one minus the failure or leak percentage.
Safe Harbor aims to increase the likelihood of intervention by reducing legal ambiguity and capping the bounty percentage in advance.
In the base case, Safe Harbor adoption increases over the next 12 months. More protocols are adding Safe Harbor terms to their governance frameworks, and more white hats are registering as authorized responders.
The probability of intervention rises because responders have legal clarity and fixed bounty terms. Recovery rates improve, especially for protocols that adopt stricter SLAs, such as Immunefi’s six-hour window.
In the bull case, the rescue layer professionalizes. Protocols build tight vault addresses, compress SLAs to single-digit hours, and pre-negotiate bounty schedules with known white hat teams.
Builders integrate Safe Harbor registries into their transaction-ordering algorithms, automatically routing rescued funds to designated addresses without manual intervention.
In the bear case, builder dependence hardens. Private order flow and relay concentration make rescues less transparent and more oligopolistic. Protocols that haven’t adopted Safe Harbor end up negotiating with builders after the fact, with no clear leverage or SLA.
Governance becomes dependent on intermediaries who hold funds and set terms unilaterally.
RegimeWho can interveneWhere funds landSLABounty termsAccountabilityFailure modeAd hoc MEV rescue (no Safe Harbor)Any MEV searcher/builder/relay actor who sees the exploit and can win orderingOften ends up in builder/searcher-controlled custody (or other third-party address)NoneNegotiated / unclear (can turn into ad hoc “pay me” dynamics)Opaque (no pre-authorization, no formal obligations)Ransom / extortion risk, refusal to return funds, prolonged limbo, jurisdictional enforcement issuesSafe Harbor (SEAL baseline)Pre-authorized whitehats (explicitly authorized by the protocol) during active exploitsProtocol-designated recovery address (official recovery destination)72 hoursPredefined / enforceable (set in advance by the protocol)Rules-based (scope-limited authorization + preset terms)Breach of terms if funds not returned on time; clearer escalation path vs ad hoc bargainingSafe Harbor (Immunefi program)Pre-authorized responders under Immunefi’s Safe Harbor flow (SEAL-derived)Protocol-controlled vault on Immunefi (structured custody flow)6 hoursPredefined reward/bounty structure (set by the project within the program)More formalized (platform terms + time-boxed compliance)Material breach if not returned within 6h; tighter SLA reduces limbo but raises execution pressure
What to watch
The metrics that matter are adoption cadence, operational SLAs, and centralization pressure.
Adoption cadence means tracking how many protocols add Safe Harbor governance proposals and register in SEAL’s adopter list.
Operational SLAs mean watching whether the market compresses response windows: SEAL’s 72-hour baseline versus Immunefi’s six-hour program signals that tighter SLAs are becoming competitive differentiators.
Centralization pressure means monitoring whether the market share remains concentrated.
MEV bots are becoming crypto’s emergency-response layer, whether the ecosystem likes it or not. Safe Harbor is the attempt to turn that into a predictable, accountable system.
But it’s also a bet that builders will respect pre-authorized terms, that protocols will adopt the framework fast enough, and that concentration in the block-building pipeline won’t undermine the fairness or accessibility of rescues.
The Makina case shows what happens when those assumptions don’t hold: funds sit in builder custody with no clear path back to users.
