News

CertiK Plans To Compensate 2 Million Lost In Merlin DEX Rug Pull

Key Points:

CertiK is exploring a compensation plan to cover the $2M of user funds lost in the Merlin DEX rug pull.
The firm urges the rogue developers to accept a 20% white hat bounty.

CertiK is exploring a community compensation plan to cover nearly 2 Million user funds lost in the Merlin DEX rug pull. Initial investigations indicate that the rogue developers are based in Europe, and law enforcement is working to track them down.

CertiK responded that initial findings point to a potential private key management issue rather than an exploit as the root cause. While audits cannot prevent private key issues, the firm always highlights best practices for projects.

The incident involves the zkSync DEX Merlin that had undergone a CertiK Audit that was hacked, resulting in over $1.82 million in stolen funds and an LP that has been drained. This has caused concern for investors, and officials have stated that the Core Farming Pools and public sale will only be launched after CertiK completes an audit to reassure investors.

CertiK’s exploration of a community compensation plan to cover the lost funds is a positive step in addressing the situation. The company is determined to track down the rogue developers behind this rug pull and is urging them to accept a 20% white hat bounty.

Despite the problem, the initial tweet from CertiK included ZKSync, but it has since been deleted without any reason.

Coincu previously reported that Merlin smart contracts contained malicious code that led to a loss of funds. The initialize function’s two lines of code allowed the feeTo address to transfer an unlimited amount of token0 and token1 from the contract’s address. Additionally, redragonvn identified a “backdoor” code in the Merlin code (L87-88) that lets the feeTo of MerlinFactory transfer all assets in the pair, posing a security risk as there is no use case that requires its approval.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Thana

Coincu News

Thana

I am a news editor at Coincu, where I produce daily editorial packages and manage the knowledge and review article sections. Before journalism, I earned a Bachelor's degree in Global Logistics and Supply Chain Management from Northampton University and studied news journalism at Press Association Training.