Blockchain security firm freezes $160K stolen in Merlin DEX ‘rug pull’

0

CertiK has contacted law enforcement in the United States and the United Kingdom to find the pseudonymous operators.

Smart contract auditor CertiK claims to have blocked $160,000 from Merlin, a zkSync-based decentralized exchange that has been the center of a rogue insider “rugpull” that lost users $1.8 million last week.

CertiK shared the news of its successful $160,000 freeze of the stolen funds in an update to its 257,700 Twitter followers on May 5.

“We have successfully frozen $160K of the stolen funds with the help of partners,” CertiK said, adding that they’re continuing to monitor the movement of the stolen funds:

The firm explained that it tried to “collaborate” with Merlin to recover the funds stolen from the April 25 “rug pull,” but the effort was to no avail.

It led the firm to reach out to law enforcement in the United States and the United Kingdom in an attempt to uncover the identities of the pseudonymous operators:

“This lack of cooperation has complicated our efforts to validate and aid victims. We are focusing on working with law enforcement and have submitted information to relevant US & UK agencies.”

“We are exploring all possibilities to fight exit scams with the $2M we’ve committed,” CertiK added.

The security firm believes the “rogue developers” are based in Europe, according to an earlier post.

As for the exit scam, CertiK said, “Merlin insiders abused the owner’s wallet privileges,” which is consistent with its initial finding that it came from a private key issue as opposed to an exploit.

Merlin claims the rug pull was carried out by its back-end team, which they claim to have put a “high degree of trust in.”

Related: April’s crypto scams, exploits and hacks lead to $103M lost — CertiK

CertiK, on the other hand, attributed part of the blame to themselves for failing to properly inform users of the centralization risks.

In a note to Cointelegraph, the firm said they would place more emphasis on this in future audit summaries.

“We are working to improve the clarity of our audit summaries in our reports — especially around centralization risks — and to better communicate with the community about the purpose of an audit.”

CertiK however stressed that smart contract auditors shouldn’t be held fully responsible for failing to identify rug pulls:

“Code Audits serve the purpose of uncovering vulnerabilities, not to detect a potential rugpull. Its important to recognize that many projects both large and small have centralization issues flagged, and the vast majority do not result in a rugpull,” the firm said.

The firm launched a $2 million compensation plan to cover the funds lost as a result of the “exit scam” on April 27.

The firm added that the funds pledged will be used to prevent exit scams and assist victims where possible.

Magazine: Crypto audits and bug bounties are broken: Here’s how to fix them

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Bitte geben Sie den Coingecko Free Api Key ein, damit dieses Plugin funktioniert

Subscribe To The Latest Crypto News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.