- Blockchain Security Firm CertiK Offers Compensation Plan for DEX Merlin Users
- CertiK is exploring a community compensation plan to cover the roughly $2 million stolen from the Merlin DEX exploit.
- CertiK is also offering the rogue Merlin DEX developers a 20% white hat bounty.
The decentralised exchange (DEX) Merlin, which runs on Ethereum, was hit on Wednesday morning when hackers stole $1.8 million from the DEX in a liquidity pool attack. The hack took place during the open sale of MAGE, the native token of Merlin.
A number of cryptocurrency assets were taken by the hacker(s), including Ethereum (ETH), USD Coin (USDC), and other illiquid tokens. Despite Merlin having undergone an assessment by blockchain security company CertiK, the hack took place during a public sale of the protocol’s native currency, mage (MAGE).
In response, CertiK stated that preliminary data suggests that the underlying issue may be related to private key management rather than an exploit. Even though audits can’t stop problems with private keys, the company always emphasises best practices for projects.
The incident involves a drained LP and the zkSync DEX Merlin, which had completed a CertiK audit and was then compromised, resulting in the theft of approximately $1.82 million. Because investors are concerned, officials have said that the Core Farming Pools and public auction won't start until CertiK has finished an audit.
Users were left with useless tokens when the rogue developer was able to remove all the liquidity from Merlin's pool. By deleting the protocol's website, Twitter account, and Telegram group, the developer further attempted to cover their tracks.
CertiK will look into the incident and compensate impacted users for their losses. To make up for the lost money, it intends to start a compensation scheme.
In a Twitter thread on April 26, however, Merlin claimed that numerous members of the Back-End Team had drained all of its contracts. The post claimed that the project's developers had contributed more than 1,000 times to GitHub repositories in the previous year. Their earlier works include Discoverilla and InterFi Network, and they are based in Serbia.
To further encourage the fraudulent developer to restore the stolen money, CertiK has offered a 20% white hat bounty if the developer agrees to return 80% of the funds. CertiK has said that it is committed to helping harmed users in this matter, despite the fact that private key rights are outside the scope of a smart contract audit.
The Merlin settlement came just two days after CertiK exposed Ordinals Finance, another DeFi platform, for carrying out an exit scam in which $1 million was stolen.
Although rug pulls have recently increased in frequency in the cryptocurrency industry, CertiK claims that it is dedicated to reducing and mitigating insider risks like rug pulls and will keep the public informed about both its compensation plan and the status of its inquiry.