CertiK Freezes $160,000 Stolen During Merlin DEX Rugpull

Blockchain security firm CertiK has revealed that it has frozen around $160,000, which was stolen during the Merlin DEX rug pull last week. 

Merlin, a zkSync-based decentralized exchange, fell victim to an insider rug pull, resulting in a loss of $1.8 million. 

The blockchain security firm and smart contract auditor shared the news of the freezing of funds via its official Twitter handle. CertiK tweeted, 

“We want to provide the community with an update regarding the Merlin DEX incident that took place on April 25th, when Merlin insiders rugpulled their users for $1.8M. This was an internal rug pull. Merlin insiders abused the owner’s wallet privileges. We initially tried to collaborate with the remaining members of the Merlin team, but a number of core members were unwilling to verify their true identities.”

According to CertiK, the firm tried to reach out and collaborate with members of the Merlin team. However, they were unwilling to verify their identities, leading to complications in efforts to aid victims of the rug pull. 

“This lack of cooperation has complicated our efforts to validate and aid victims. We are focusing on working with law enforcement and have submitted information to relevant US & UK agencies.”

The firm also added that it was monitoring the stolen funds and working with law enforcement agencies in the United Kingdom and the United States of America. 

“We have successfully frozen $160K of the stolen funds with the help of partners. We will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.”

Merlin tweeted on its official handle that the rug pull was orchestrated by its back-end team, adding that it had put a high degree of trust in the team. It added that it would continue to support the community and help resolve the issue. CertiK also took on some of the blame, stating that they failed to adequately inform users about the risks that could arise from centralization. The firm added that they would put more emphasis on such issues during future audits. 

“We are working to improve the clarity of our audit summaries in our reports — especially around centralization risks — and to better communicate with the community about the purpose of an audit. Going forward, CertiK will prioritize centralization risks in audit summaries to ensure users have a complete picture of potential risks. We recognize that audit reports can be highly technical documents, and it’s our job to communicate the risks clearly and transparently.”

However, CertiK also added that smart contract auditors could not be held entirely responsible for failing to identify rug pulls. It stated, 

“Code Audits serve the purpose of uncovering vulnerabilities, not to detect a potential rug pull. It’s important to recognize that many projects, both large and small have centralization issues flagged, and the vast majority do not result in a rug pull.”

CertiK is also working with Merlin and planning to launch a victim aid fund to help those impacted by the Merlin DEX exploit. 

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.