CertiK, a leading blockchain security firm, and zk-Sync decentralized exchange (DEX) Merlin are exploring a $2 million reimbursement plan for victims of rugpulls. Rugpulls, a type of scam where developers abruptly exit a project and take investors’ funds with them, have become increasingly prevalent in the DeFi space. The proposed plan aims to provide a safety net for investors who have fallen victim to such scams, giving them the opportunity to recoup some or all of their losses. The collaboration between CertiK and Merlin underlines the importance of maintaining the highest levels of security in DeFi and protecting the interests of all stakeholders.
Merlin, a decentralized exchange (DEX), recently suffered an exploit that lost almost $2 million to its users. The incident took place when Merlin was conducting the public sale of its native token, MAGE. It was initially thought to be an exploit, but on further investigation by blockchain security firm CertiK and Merlin, it was discovered that it was an insider job by some of the protocol’s back-end developers.
CertiK had audited the protocol’s code earlier that week, and it suspected a private key management issue may have caused the hack. The security firm recommended that Merlin switch to decentralized mechanisms to prevent centralization risks. However, Merlin and CertiK found out that the back-end team had manipulated the protocol’s code to give them power over the contracts and all trading pairs in the liquidity pools. They were also able to manipulate Merlin’s front-end contracts and web host, allowing them to execute several on-chain transactions that drained the public sale.
Merlin and CertiK are working towards a plan to compensate affected users. They have also informed authorities about the rogue technical team, who have been traced to Serbia, Europe. On-chain analysts are monitoring the stolen assets, which have been tracked to two wallets.
CertiK has offered the developers a 20% white hat bounty to avoid legal repercussions. They are urging the developers to accept the bounty and return the stolen funds to avoid facing the law. Meanwhile, Merlin and CertiK are working on compensating the affected parties and participants on the Merlin platform with the help of local authorities.
– Merlin and CertiK Discover Insider Job in $2 Million Exploit
– Merlin and CertiK Work to Compensate Victims of Recent Hack