CertiK and zkSync Era plan to compensate Merlin hack victims

  • Merlin is an Ethereum-based decentralized exchange (DEX) which uses zero-knowledge sync (zkSync).
  • The DEX has lost more than $1.8 million in a liquidity pool hack.
  • The hack took place barely hours after smart contract security firm CertiK audited the DEX’s code.

Ethereum-based decentralized exchange (DEX) Merlin woke up to bad news on Wednesday morning after one or more hackers drained $1.8 million from the DEX in a liquidity pool hack. The hack happened during a public sale of Merlin’s native token MAGE.

The hacker(s) stole several cryptocurrency assets including Ethereum (ETH), USD Coin (USDC), and other illiquid tokens.

CertiK had audited Merlin’s code

A few hours after the hack, security firm CertiK tweeted that it was investigating the incident to understand its impact on the community. It also said its initial findings suggest that the incident could have resulted from an issue with private key management, meaning it was a hack and not an exploit, as widely thought.

CertiK conducted an audit of Merlin’s code on April 24, 2023, and recommended that Merlin improve its “centralized roles to the decentralized mechanism like multi-signature wallets to enhance security practices.” It also asked Merlin to implement a timelock feature with a latency of at least 48 hours to avoid a single point of key management.

CertiK also promised to collaborate with appropriate authorities in case anything came up.

CertiK and zkSync Era to compensate lost assets

While urging the hacker, who CertiK believes is a rogue developer, to return 80% of the stolen funds, the security firm offered a 20% white hat bounty to the hacker.

In a statement to a renowned media outlet on April 26, CertiK reiterated it is investigating the exit scam and has also enlisted the remaining Merlin team to initiate the compensation plan. The firm said:

“CertiK is exploring a community compensation plan to cover the ~$2M of user funds lost in the Merlin DEX rug pull. Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down.”

CertiK also noted that it is “committed to assisting impacted users,” notwithstanding that private key privileges are outside the scope of a smart contract audit.
