Merlin, a new DEX launched on zkSync, suffered a nearly $2 million rug pull during its MAGE token public sale. The technical team responsible had implemented malicious code despite a very recent audit by the blockchain security firm CertiK. Prosecutions have been initiated against those responsible, who are said to be located in Serbia.
The Merlin project is rug-pulled
A strange rug pull took place yesterday, Wednesday April 26, on the decentralized exchange (DEX) Merlin, recently launched on the zkSync network. The DEX, which had just undergone an audit of the blockchain security firm CertiKthus saw its liquidity pools emptied for just under $2 million in the midst of a public sale of its MAGE token.
Thus, at first, the audit was naturally singled out since a hack then seemed the most probable hypothesis. For its part, CertiK first indicated that its first conclusions pointed more to “a potential private key management problem” rather than a hack or the exploitation of a flaw.
Finally, it seems that it is the technical team in charge of the project that implanted a malicious code in the structure of the DEX.
Merlin’s Post Mortem
it is with deepest regret that we have to notify you of a major fault in the structural integrity and controls of the Merlin Platform.
In the early hours of this morning the several members of the Back-End Team drained all of our Contracts.
— Merlin (@TheMerlinDEX) April 26, 2023
“It is with the greatest regret that we must inform you of a major failure in the structural integrity and controls of the Merlin platform. In the early hours of this morning, several members of the Back-End team emptied all of our contracts. »
The project team adds further:
“We submitted all the contracts intended to be used on our platform to Certik who carried out a complete audit. However, there has been a clear oversight of the primordial power that the _owner [ligne de code concernée, NDLR] had on the pools. Also, the back-end team, which also has access to our host, unknowingly manipulated our code to achieve their goal. »
👉 Protect your cryptocurrencies with ZenGo, the ultra-secure wallet that makes browsing the Web3 easier
Discover ZenGo
$10 Bitcoin bonus from $200 deposit 🔥
Prosecutions against the culprits
In its press release, the Merlin team adds that the technical team responsible for the rug pull would be located in Serbia, and local authorities have been contacted accordingly. Furthermore, the funds continue to be traced in cooperation with on-chain analysts.
CertiK has since issued a statement informing its community that the stolen funds would be refunded to their holders, and that “further information” will be communicated on this subject. CertiK specifies that “even after having raised the private key problems” in its audit, it wishes to participate in the reimbursement of injured users.
1/ CertiK is exploring a community compensation plan to cover the ~$2M of user funds lost in the Merlin DEX rug pull. Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down.
⬇️⬇️⬇️
— CertiK (@CertiK) April 26, 2023
Thus, a deal was offered to the guilty individuals: the return of 80% of the funds in exchange for the remaining 20% and the abandonment of the lawsuits. The DEX Merlin, which had just launched, now has no liquidity while the sale of its token is still in progress.
👉 In the DeFi news – DeFi: Uniswap generates more than 70% of the volume of decentralized exchanges (DEX)
The best way to secure your cryptocurrencies 🔒
🔥 Up to $30 in Bitcoin offered!
Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.
Passionate about the world of decentralized finance and the novelties brought by Web 3.0, I write articles for Cryptoast to help make the blockchain more accessible to everyone. Convinced that cryptocurrencies will change the future very soon.
Maximilien Prue
683 items
