Merlin, a decentralized exchange operating on the zkSync network, suffered a security breach resulting in the loss of two million dollars. Merlin revealed on Thursday (26/4) that the incident was a rug pull carried out by irresponsible members and developers of the Merlin team, who manipulated the protocol code to achieve their goal.
What Happened to the DEX on zkSync?
The Merlin liquidity pool was depleted on Wednesday (25/4), just a few hours after the blockchain security analysis platform CertiK audited the protocol code. The DEX was in the middle of the public sale of its native token, MAGE, when the attacker carried out the hack.
After analysis, CertiK saw that issues with private key management might have caused the breach. The security company also revealed that it had identified centralization risks in its Monday audit and had recommended that Merlin shift to a decentralized mechanism to avoid a single point of failure. Further analysis by Merlin and CertiK found that the hack was an inside job by the protocol team. The back-end team applied a call-action function that gave them control over the contracts and all trading pairs in the liquidity pool. Developers were also able to manipulate the front-end contracts and the Merlin web host, allowing them to carry out some on-chain transactions that depleted the public sale.
Merlin to Compensate Users
In a statement on Twitter, Merlin announced that it will compensate users who have been affected by the incident. Merlin has informed the relevant authorities about the incident and the presence of the malicious technical team. The back-end team has been traced to Serbia, Europe, and local authorities have been notified. The protocol has also hired on-chain analysts to monitor the movement of funds. The stolen assets have been tracked to two wallets and remain there at the time of writing. Meanwhile, Merlin and CertiK have launched a white hat bounty, a program that invites cybersecurity experts to find security vulnerabilities in their services and rewards them for any they find.