Blockchain security firm freezes $160,000 of $2 million stolen in DEX Merlin rug-pull

The smart contract auditor CertiK claims to have locked up $160,000 from Merlin, a zkSync-based decentralized exchange that has been the focus of an insider “theft” that lost users $1.8 million last week.

CertiK shared news of his successful freeze of $160,000 of the stolen funds in an update to his 257,700 Twitter followers on May 5.

• Cryptocurrency scams in Australia increase more than 162% and almost USD 150 million are lost

“We have successfully frozen USD 160,000 of the stolen funds with the help of our partners,” CertiK said, adding that they continue to monitor the movement of stolen funds:

We have successfully frozen $160K of the stolen funds with the help of partners. We will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.

— CertiK (@CertiK) May 4, 2023

We have managed to freeze USD 160,000 of the stolen funds with the help of our partners. We will continue to monitor the movement of all stolen funds to try to freeze and recover the remaining amount.

The company explained that it tried to “collaborate” with Merlin to recover the funds stolen in the “rug-pull” on April 25, but the effort was in vain.

This led the company to contact the security forces of the United States and the United Kingdom to try to discover the identity of pseudonymous operators:

“This lack of cooperation has complicated our efforts to validate and help victims. We are focusing on working with law enforcement and have forwarded information to the relevant US and UK agencies.”

“We are exploring all possibilities to fight exit scams with the $2 million we have committed,” CertiK added.

Security firm believes “rogue developers” are based in Europe,according to a previous post.

• Chainalysis Analyzes How Crypto Scammers Adapted To The Bear Market

As for the exit scam, CertiK said that “Merlin insiders abused the owner’s wallet privileges,” which is consistent with theirfinding initial that it came from a private key issue rather than an exploit.

Merlin claims that the rug-pull was carried out by their back-end team, in which they claim to have placed a “high degree of trust”.

We are deeply saddened by the actions of the technical team, whom we put a high degree of trust in. Merlin will continue to support our community and resolve the issue.

— Merlin (@TheMerlinDEX) April 26, 2023

We are deeply saddened by the actions of the technical team, in whom we place a high degree of trust. Merlin will continue to support our community and resolve the issue.

CertiK, for its part, took some of the blame for failing to properly inform users of the risks of centralization.

In a note to Cointelegraph, the firm said they would place more emphasis on this in futureaudit summaries.

“We are working to improve the clarity of our audit summaries in our reports – especially around centralization risks – and to better communicate the purpose of an audit to the community.”

Going forward, CertiK will prioritize centralization risks in audit summaries to ensure users have a complete picture of potential risks.

We recognize that audit reports can be highly technical documents, and it’s our job to communicate the risks clearly and transparently.

— CertiK (@CertiK) May 4, 2023

Going forward, CertiK will prioritize centralization risks in audit summaries to ensure that users have a full view of potential risks. We recognize that audit reports can be highly technical documents, and it is our job to communicate risks clearly and transparently.

CertiK, however, stressed that smart contract auditors should not be held fully responsible for failing to identify rug-pulls:

“Code audits are used to discover vulnerabilities, not to detect a possible rug-pull. It is important to recognize that many projects, large and small, have marked centralization issues, and the vast majority do not result in a rug-pull,” the firm said.

• The proportion of illicit cryptocurrency activities increases for the first time since 2019

On April 27, the companystarteda $2 million compensation plan to cover funds lost as a result of the “exit scam.”

The company added that the funds committed will be used to prevent exit scams and help victims. as far as possible.

Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.

Keep reading:

• Cryptocurrency scams in Australia increase more than 162% and almost USD 150 million are lost
• Chainalysis Analyzes How Crypto Scammers Adapted To The Bear Market
• The proportion of illicit cryptocurrency activities increases for the first time since 2019
• A tracker offers a one-stop shop for easy crypto market analysis
• Can Bitcoin Links to North Korea Be Used to Justify China’s Bitcoin Ban?
• Canadian Police Request Public Help Identify Bitcoin Scammers
• Voyager creditors could start receiving funds in the ‘coming weeks’