On May 4, CertiK, a blockchain security firm, successfully blocked $160,000 of stolen funds that had been taken from Merlin, a decentralized exchange based on zkSync, which had been hit by a rug pull by a rogue insider last week. This fraudulent activity caused users to lose a total of $1.8 million.
On May 4, a Twitter thread reported that CertiK had attempted to recover funds that had been taken when the Merlin DEX rug was pulled by insiders. Despite their efforts, the blockchain security firm was unable to do so since the other team members of the project were unwilling to confirm their identities.
The rug pull has made the task of aiding victims more difficult, yet CertiK continues to collaborate with law enforcement in the US and UK to identify the people behind the pseudonyms perpetrating the crime.
North Carolina legislators have approved a bill that is against the use of CBDC (Central Bank Digital Currency) payments.
CertiK believes that the “rogue developers” responsible for the scam are based in Europe. The firm has determined that the insiders at Merlin misused the owner’s wallet authority, which corroborates its original conclusion that the issue stemmed from a private key issue rather than from an exploit.
Merlin asserted that their back-end team, whom they had a “high level of trust” in, was responsible for the rug pull.
CertiK identified “centralization risks” in its audit of zkSync-based decentralized exchange shortly before the platform was compromised on April 25, only a few days after it had launched.
The blockchain security firm admitted that they had not sufficiently emphasized the risk of centralized privileges, and had thus not made users aware of the associated risks.
In order to avoid similar occurrences in the future, CertiK has vowed to make centralization risks a priority in audit reports, so that customers can have a comprehensive understanding of any potential risks.
On April 27, CertiK revealed a $2 million compensation plan to make up for the losses incurred by those affected by the exit scam.
The security company has committed to utilizing the funds to prevent further scams like this one, as well as to provide aid to those who were negatively impacted.
