Sunday , November 24 2024
Home / Blockchain / CertiK and zk-Sync DEX Merlin Explore $2M Reimbursement Plan for Rugpull Victims

CertiK and zk-Sync DEX Merlin Explore $2M Reimbursement Plan for Rugpull Victims

Summary:
Blockchain security firm CertiK and zk-Sync decentralized exchange (DEX) Merlin are working towards a plan to reimburse users affected by a recent exploit that drained almost million from the latter. Merlin revealed on Thursday that the incident, which was widely believed to be an exploit, was, in fact, a rug pull by several rogue members of its back-end developer team, who manipulated the protocol’s code to achieve their goal. CertiK and Merlin to Compensate Victims Recall that Merlin’s liquidity pool was drained on Wednesday, hours after CertiK audited the protocol’s code. The DEX was conducting the public sale of its native token, MAGE, when an attacker executed the hack. As CryptoPotato reported, CertiK said an analysis of the event suggested a private key

Topics:
Mandy Williams considers the following as important: , , ,

This could be interesting, too:

Wayne Jones writes Charles Schwab to Launch Spot Crypto ETFs if Regulations Change

Wayne Jones writes Here’s When FTX Expects to Start Repaying Customers .5B

Dimitar Dzhondzhorov writes Is Cryptoqueen Ruja Ignatova Alive and Hiding in South Africa? (Report)

Wayne Jones writes Casa CEO Exposes Shocking Phishing Scam Targeting Wealthy Crypto Users

Blockchain security firm CertiK and zk-Sync decentralized exchange (DEX) Merlin are working towards a plan to reimburse users affected by a recent exploit that drained almost $2 million from the latter.

Merlin revealed on Thursday that the incident, which was widely believed to be an exploit, was, in fact, a rug pull by several rogue members of its back-end developer team, who manipulated the protocol’s code to achieve their goal.

CertiK and Merlin to Compensate Victims

Recall that Merlin’s liquidity pool was drained on Wednesday, hours after CertiK audited the protocol’s code. The DEX was conducting the public sale of its native token, MAGE, when an attacker executed the hack.

As CryptoPotato reported, CertiK said an analysis of the event suggested a private key management issue may have led to the incident. The security firm disclosed that it had pointed out a centralization risk in the audit conducted on Monday and recommended that Merlin switches to decentralized mechanisms to avoid single points of key failure.

Upon further analysis, Merlin and CertiK discovered that the hack was an insider job from the protocol’s team. The back-end team implemented a call-action function that gave them power over the contracts and all trading pairs in the liquidity pools.

The developers were also able to manipulate Merlin’s front-end contracts and web host, allowing them to execute several on-chain transactions that drained the public sale.

A 20% White Hat Bounty

While Merlin and CertiK are working out a compensation plan, they have also informed relevant authorities about the incident and the whereabouts of the rogue technical team. The back-end team has been traced to Serbia, Europe, and local authorities have been notified.

The protocol has also recruited on-chain analysts to monitor the movement of the funds. The stolen assets have been tracked to two wallets and were still there at the time of writing.

Meanwhile, CertiK has offered the developers a 20% white hat bounty, urging them to accept it to avoid the wrath of the law.

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *