Blockchain security firm freezes $160K stolen in Merlin DEX ‘rugpull’

Smart contract auditor CertiK claims to have blocked $160,000 from Merlin, a zk-Sync-based decentralized exchange (DEX) which has been the center of a rogue insider “rugpull” that lost users $1.8 million last week.

CertiK shared the news of its successful $160,000 freeze of the stolen funds in an update to its 257,700 Twitter followers on May 5.

“We have successfully frozen $160K of the stolen funds with the help of partners,” CertiK said, adding that they’re continuing to monitor the movement of the stolen funds:

The firm explained that they tried to “collaborate” with Merlin to recover the funds stolen from the April 25 “rugpull” but the effort was to no avail.

It led the firm to reach out to law enforcement in the United States and the United Kingdom in an attempt to uncover the identities of the pseudonymous operators:

“This lack of cooperation has complicated our efforts to validate and aid victims. We are focusing on working with law enforcement and have submitted information to relevant US & UK agencies.”

“We are exploring all possibilities to fight exit scams with the $2M we’ve committed,” CertiK added.

The security firm believes the “rogue developers” are based in Europe, according to an earlier post.

As for the exit scam, CertiK said “Merlin insiders abused the owner’s wallet privileges,” which is consistent with its initial finding that it came from a private key issue as opposed to an exploit.

Merlin claims the rug pull was carried out by its back-end team, which they claim to have put a “high degree of trust in.”

Related: April’s crypto scams, exploits and hacks lead to $103M lost – CertiK

CertiK, on the other hand, attributed part of the blame to themselves for failing to properly inform users of the centralization risks.

In a note to Cointelegraph, the firm said they would place more emphasis on this in future audit summaries.

“We are working to improve the clarity of our audit summaries in our reports – especially around centralization risks – and to better communicate with the community about the purpose of an audit.”

CertiK however stressed that smart contract auditors shouldn’t be held fully responsible for failing to identify rug pulls:

“Code Audits serve the purpose of uncovering vulnerabilities, not to detect a potential rugpull. Its important to recognize that many projects both large and small have centralization issues flagged, and the vast majority do not result in a rugpull,” the firm said.

The firm launched a $2 million compensation plan to cover the funds lost as a result of the “exit scam” on April 27.

The firm added that the funds pledged will be used to prevent exit scams and assist victims where possible.

Magazine: Crypto audits and bug bounties are broken: Here’s how to fix them

All Dutch and English crypto news!

7 must-read books for aspiring tech entrepreneurs

If you're an aspiring tech entrepreneur looking for insights and inspiration to enhance your knowledge and skills, here are seven must-read books to consider: The Lean...

Europese mijlpaal: 5 jaar Bitcoin salaris voor medewerkers BLOX & BTC Direct

Voor sommigen is het nog toekomstmuziek, voor anderen al lang een realiteit: een salaris uitbetaald in Bitcoin. Voor de medewerkers van BLOX en zusterbedrijf BTC...

Bybit gets “in-principle” approval to begin operations in Kazakhstan

Bybit has been in the process of expanding its service offerings. Bybit received "in-principle" approval from the Astana International Financial Centre to begin operations in Kazakhstan. The...

Crypto analyse: Bitcoin maakt de beste candle van deze maand

Bitcoin heeft vannacht zijn wekelijkse candle gesloten met maar liefst 5% in de plus. Dit is een positieve wending in een maand vol rode candles....

Beste exchanges

Koop je crypto bij Bitvavo