DEX Merlin and CertiK Plan to Compensate $2M to Users Impacted in Rug Pull
A rogue developer behind the hyped launch allegedly conducted the rug pull on Wednesday.
Apr 27, 2023 at 6:56 a.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/ZCD62UMHINGSFOGXOHHV7F7TWM)
(Ryan Quintal/Unsplash, modified by CoinDesk)
ZkSync-based decentralized exchange (DEX) Merlin plans to compensate users impacted in a nearly $2 million rug pull with blockchain audit firm CertiK, a representative for CertiK told CoinDesk in an email on Thursday.
A rug pull is a type of exit scam in which the perpetrators create a new token, launch a liquidity pool for it and pair it with a base token, such as ether (ETH) or a stablecoin such as dai (DAI). A liquidity pool is a large pool of tokens a protocol uses to fulfill trades, as opposed to an order book system where buyers and sellers list their trade orders and wait to be filled.
“CertiK is actively investigating the recent Merlin DEX exit scam, where rogue developers are suspected of causing the loss of around $2 million in user funds,” the representative said. “Working closely with the remaining Merlin team, CertiK will initiate a compensation plan to cover the lost funds for affected users.”
“Initial investigations indicate that the rogue developers are based in Europe, and CertiK will collaborate with law enforcement authorities to track them down if direct negotiation is unsuccessful,” they added.
The rogue developer is urged to return 80% of the stolen funds and accept a 20% white-hat bounty, CertiK said. On its part, CertiK emphasized that although private key privileges are outside the scope of a smart contract audit, they are committed to assisting impacted users in this case.
Merlin was seemingly exploited for over $1.8 million on Wednesday morning during a public sale of its mage (MAGE) tokens. The attack occurred despite Merlin touting an audit conducted by blockchain security firm CertiK.
Further analysis by firms and analysts alleged the attack was conducted by a rogue developer who held private keys to Merlin’s smart contracts – allowing them to withdraw all liquidity from the protocol.
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.