CertiK and zk-Sync DEX Merlin Consider $2M Reimbursement Plan for Rugpull Victims
Blockchain security firm CertiK and zk-Sync Decentralized Exchange (DEX) Merlin are working on a plan to compensate users affected by a recent exploit that drained nearly $2 million from the latter.
Merlin revealed on Thursday that the incident, widely believed to be an external exploit, was actually a rug pull by several rogue members of its back-end development team, who manipulated the protocol's code to achieve their goal.
CertiK and Merlin to compensate victims
Recall that Merlin's liquidity pool was emptied on Wednesday, hours after CertiK audited the protocol's code. The DEX was conducting the public sale of its native token MAGE when an attacker carried out the hack.
As CryptoPotato reported, CertiK said its analysis of the incident suggested that a private key management issue may have led to it. The security firm said it had highlighted a centralization risk in the audit conducted on Monday and recommended that Merlin move to decentralized mechanisms to avoid single points of key failure.
After further analysis, Merlin and CertiK determined that the hack was an inside job by the protocol's own team. The back-end team had implemented a call action feature that gave them control of the contracts and of all trading pairs in the liquidity pools.
The developers were also able to manipulate Merlin's front-end contracts and web host, allowing them to execute multiple on-chain transactions that drained the public sale.
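The centralization risk described above, as an added illustration that is not Merlin's code or CertiK's audit material: a pool whose single owner key can sweep every token it holds, beside a variant in which privileged withdrawals must be queued behind a public delay and executed by a multisig owner. The contract names, the minimal IERC20 interface and the two-day delay are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token interface used by both contracts below.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Pattern an audit flags as a centralization risk: one externally owned key
// can move every token the pool holds, with no delay and no second signer.
// (Illustrative only; not the audited protocol's code.)
contract CentralizedPool {
    address public owner;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Single point of key failure: whoever holds (or steals) the owner key
    // can empty the pool in one transaction, with no warning to users.
    function sweep(IERC20 token, address to) external onlyOwner {
        token.transfer(to, token.balanceOf(address(this)));
    }
}

// Hardened variant: privileged withdrawals are announced on-chain, become
// executable only after a fixed delay, and the owner must be a contract
// (assumed to be a multisig wallet), so no single key can act alone.
contract TimelockedPool {
    address public immutable owner;          // assumed multisig contract
    uint256 public constant DELAY = 2 days;  // assumed delay

    struct Proposal { IERC20 token; address to; uint256 amount; uint256 eta; }
    mapping(bytes32 => Proposal) public proposals;

    event Queued(bytes32 indexed id, address token, address to, uint256 amount, uint256 eta);
    event Executed(bytes32 indexed id);
    event Cancelled(bytes32 indexed id);

    constructor(address multisig) {
        // Reject externally owned accounts: only a contract can be owner.
        require(multisig.code.length > 0, "owner must be a contract");
        owner = multisig;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Step 1: announce the withdrawal. Monitors and users can see the event
    // and the future execution time before any funds move.
    function queueWithdraw(IERC20 token, address to, uint256 amount)
        external onlyOwner returns (bytes32 id)
    {
        uint256 eta = block.timestamp + DELAY;
        id = keccak256(abi.encode(token, to, amount, eta));
        require(proposals[id].eta == 0, "already queued");
        proposals[id] = Proposal(token, to, amount, eta);
        emit Queued(id, address(token), to, amount, eta);
    }

    // Step 2: only after the delay has elapsed can the tokens actually move.
    function executeWithdraw(bytes32 id) external onlyOwner {
        Proposal memory p = proposals[id];
        require(p.eta != 0, "unknown proposal");
        require(block.timestamp >= p.eta, "timelock not expired");
        delete proposals[id];
        require(p.token.transfer(p.to, p.amount), "transfer failed");
        emit Executed(id);
    }

    // A queued proposal can be withdrawn before execution.
    function cancelWithdraw(bytes32 id) external onlyOwner {
        require(proposals[id].eta != 0, "unknown proposal");
        delete proposals[id];
        emit Cancelled(id);
    }
}
```

The delay is what gives on-chain monitors of the kind the article says Merlin later recruited a window to alert users before funds move, and the multisig requirement is what removes the single point of key failure the audit warned about; neither stops a privileged withdrawal outright, which is the trade-off an auditor would call out when reading the `Queued` event stream.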
Our unwavering priority is to return all funds to affected parties and participants on the Merlin platform as quickly as possible. We work together for this @Certik (Team DOXX of Prospero & Alatar Recovery Plan) to compensate all affected users.
— Merlin (@TheMerlinDEX) April 26, 2023
A 20% white hat premium
While Merlin and CertiK are developing a compensation plan, they have also informed the relevant authorities about the incident and the whereabouts of the rogue technical team. The backend team was traced to Serbia, Europe and local authorities were notified.
The protocol has also recruited on-chain analysts to monitor the movement of funds. The stolen assets were tracked to two wallets and were still there at the time of writing.
Meanwhile, CertiK offered the rogue developers a 20 percent white hat bounty and urged them to accept it to avoid the wrath of the law.