CertiK and zkSync Era plan to compensate Merlin hack victims

  • Merlin is an Ethereum-based decentralized exchange (DEX) which uses zero-knowledge sync (zkSync).
  • The DEX has lost more than $1.8 million in a liquidity pool hack.
  • The hack took place barely hours after smart contract security firm CertiK audited the DEX’s code.

Ethereum-based decentralized exchange (DEX) Merlin woke up to bad news on Wednesday morning after a hacker(s) drained $1.8 million from the DEX in a liquidity pool hack. The hack happened during a public sale of Merlin’s native token MAGE.

The hacker(s) stole several cryptocurrency assets including Ethereum (ETH), USD Coin (USDC), and other illiquid tokens.

CertiK had audited Merlin’s code

A few hours after the hack, security firm CertiK tweeted that it was investigating the incident to understand its impact on the community. It also said its initial findings suggested that the incident could have resulted from an issue with private key management, meaning it was a hack and not an exploit as widely thought.

CertiK conducted an audit of Merlin’s code on April 24, 2023, and recommended that Merlin improve its “centralized roles to the decentralized mechanism like multi-signature wallets to enhance security practices.” It also asked Merlin to implement a timelock feature with a latency of at least 48 hours to avoid a single point of key management.

CertiK also promised to collaborate with appropriate authorities in case anything came up.

CertiK and zkSync Era to compensate lost assets

While urging the hacker, who CertiK believes is a rogue developer, to return 80% of the stolen funds, the security firm offered a 20% white hat bounty to the hacker.

In a statement to a renowned media outlet on April 26, CertiK reiterated it is investigating the exit scam and has also enlisted the remaining Merlin team to initiate the compensation plan. The firm said:

“CertiK is exploring a community compensation plan to cover the ~$2M of user funds lost in the Merlin DEX rug pull. Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down.”

CertiK also noted that it is “committed to assisting impacted users” notwithstanding that private key privileges are outside the scope of a smart contract audit.
