- Merlin disclosed that the exploit was a rug pull by a few disgruntled developers.
- CertiK has extended a 20% white hat reward to the developers.
CertiK, a blockchain security company, and Merlin, a decentralized exchange (DEX) powered by zkSync, are collaborating on a proposal to compensate consumers whose funds were stolen in a recent hack.
On Thursday, Merlin disclosed that the incident, widely interpreted as an exploit, was actually a rug pull. It was carried out by a few disgruntled developers on the company’s back end, who cheated the system by altering the protocol’s code.
Dangers of Centralization
It’s worth noting that the Merlin liquidity pool was depleted on Wednesday, only hours after CertiK completed its examination of the protocol’s code. When the hack was carried out, the DEX was offering its native token, MAGE, to the general public for the first time.
Earlier reports indicated that CertiK’s investigation pointed to a problem with private key management as a possible cause of the incident. The security company said that, during Monday’s examination, it had warned about the dangers of centralization and suggested that Merlin move to decentralized techniques to eliminate potential weak spots.
Moreover, after digging further, Merlin and CertiK determined that someone in the protocol team was responsible for the attack.
Merlin and CertiK have alerted the proper authorities to the occurrence, and to the location of the renegade technical team, while they figure out a compensation plan. Local authorities have been made aware of the back-end team’s likely location in Serbia, Europe.
Meanwhile, CertiK has extended a 20% white hat reward to the developers, asking them to take it in order to stay out of legal trouble.