Blockchain Security Firm Foils $160K Heist in Merlin 'Rug Pull

Blockchain Security Firm Foils $160K Heist in Merlin ‘Rug Pull

admin_hrv2xlob
March 21, 2024
Uncategorized
0 Comments

CertiK, a blockchain security firm, has responded to a “rug pull” scam that caused $160,000 to be stolen from Merlin, a zkSync-based decentralized exchange. CertiK claims that the scam was perpetrated by insiders at Merlin who exploited their wallet privileges. Despite making efforts to work with Merlin to retrieve the stolen funds, CertiK was unable to do so.

We have successfully frozen $160K of the stolen funds with the help of partners. We will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.
— CertiK (@CertiK) May 4, 2023

Steps Taken by Cetrik

Law enforcement agencies in the UK along with the US have been contacted by CertiK in an effort to track down those pseudonymous operators. With expertise in auditing smart contracts, CertiK has effectively prevented Merlin, a decentralized exchange operating on zkSync, from accessing $160,000 from the rugpull. However, this “rugpull” incident caused by a deceitful insider, has led to users losing around a sum of 1.8 million US dollars.

On May 5, CertiK announced its successful freeze of those stolen funds to its 257,700 Twitter followers. The company attempted to work with Merlin to recover the funds stolen during the April 25 “rugpull,” but the attempt was unsuccessful. According to an earlier post, the security firm believes that the “rogue developers” are located somewhere in Europe.

Accusations for the Rugpull

CertiK has addressed the exit scam and reiterated their initial finding that it was caused by a private key issue rather than an exploit. They confirmed that Merlin insiders had misused their wallet privileges, which supports their original conclusion.

Merlin has accused their back-end team of executing the rug pull. CertiK, however, has acknowledged their own responsibility in not sufficiently warning users about the dangers of centralization.

We are deeply saddened by the actions of the technical team, whom we put a high degree of trust in. Merlin will continue to support our community and resolve the issue.
— Merlin (@TheMerlinDEX) April 26, 2023

Cetrik stressed on the fact that the failure to detect rug pulls cannot be solely attributed to smart contract auditors. The main objective of Code Audits is to expose vulnerabilities rather than detect a potential rugpull. It is important to note that many projects, regardless of their size, have been flagged for centralization issues, but most of them do not result in a rugpull.

Compensation Plan

To compensate for the losses suffered due to the “exit scam” on April 27, the company has introduced a compensation plan worth $2 million. Furthermore, the company has committed to using the allocated funds to prevent exit scams and assist the victims, if possible.