TRENDING:
EUR/USD
GBP/USD
XAU/USD
Trade War
USD/CAD
AUD/USD
Sponsored by
Login
|

CertiK, zkSync concede 20% white hat bounty amid plans to reimburse the $1.82M Merlin DEX exploit

  • CertiK is working out a compensation plan for the $1.82 million hack against Merlin DEX.
  • The blockchain security firm is working with zkSync to implement the base protocol for the Merlin platform.
  • They have conceded a 20% white hat bounty, urging the exploiter to return 80% of the stolen funds.
CertiK, zkSync concede 20% white hat bounty amid plans to reimburse the $1.82M Merlin DEX exploit
Lockridge OkothLockridge OkothFXStreet

CertiK, a blockchain security firm, has devised a compensation plan for the exploit that saw decentralized exchange Merlin lose $1.82 million worth of assets. In a recent development, the Web3 security firm has urged the exploiter to return 80% of the stolen funds with an offer of 20% as a white hat bounty.  Notably, it is believed that the hacker is a rogue developer. 

CertiK is collaborating with zkSync Era, the Ethereum layer-2 (L2) scaling platform atop which Merlin is built, to implement the compensation plan. The two will cover the funds lost during the public sale of Merlin DEX’s MAGE tokens.

As reported earlier, CertiK assured that it was probing the exploit. Among the finding is that the exploiter is based in Europe. The firm has brought in the services of law enforcement and Merlin team members to structure the compensation plan. Citing the security firm:

Initial investigations indicate that the rogue developers are based in Europe, and CertiK will collaborate with law enforcement authorities to track them down if direct negotiation is unsuccessful.

Despite platform users being outside of the scope of the smart contract audit, CertiK has indicated the dedication of private key privileges to help the affected users.

Merlin exploit background

Merlin lost almost $850,000 worth of USD Coin (USDC), among other relatively illiquid tokens, on Wednesday, April 26, the third day after the public sale of its MAGE tokens premiered. According to blockchain data, a threat actor with control over the liquidity pool (LP) was able to extract the funds.

Merlin’s code auditor, CertiK, responded with its initial findings by calling out a “potential private key management issue.” Notwithstanding, Crypto Twitter has already called to question the CertiK audit, alleging that there might be a rug pull. Thanh Nguyen, the founder of Verichains, has implied the presence of a “backdoor” in Merlin’s code, saying:

[It is a] clear security risk as there is no use case that requires its approval.

In a statement, CertiK noted, “While audits can identify potential risks and vulnerabilities, they cannot prevent malicious activities on the part of rogue developers such as rug pulls.” Accordingly, the blockchain security firm has cautioned users to go for projects with a ‘KYC Badge,’ which provides extra security, indicating that the project has voluntarily undergone a Know Your Customer (KYC) evaluation process.  

CertiK says that KYC helps reduce and avoid the risk of insider threats, such as rug pulls, besides committing to providing further updates about its compensation plan and the investigation.

In case you missed the story, find it here zkSync DEX Merlin hacked for $1.82 million immediately after CertiK audit

Author

Lockridge Okoth

Lockridge is a believer in the transformative power of crypto and the blockchain industry.

More from Lockridge Okoth
Share:

Markets move fast. We move first.

Orange Juice Newsletter brings you expert driven insights - not headlines. Every day on your inbox.

By subscribing you agree to our Terms and conditions.

Editor's Picks

Ripple holds $1.82 support as low retail demand weighs on the token

Ripple holds $1.82 support as low retail demand weighs on the token

Ripple (XRP) is trading between a key support at $1.82 and resistance at $2.00 at the time of writing on Thursday, reflecting the lethargic sentiment in the broader cryptocurrency market.

Aster declines for fifth straight day despite buyback efforts

Aster declines for fifth straight day despite buyback efforts

Aster trades under intense selling pressure, recording 3% loss at press time on Thursday. The perpetual-focused exchange resumed its Stage 4 buyback program on Wednesday and currently holds almost 52 million ASTER tokens.

Crypto Today: Bitcoin, Ethereum hold steady while XRP slides amid mixed ETF flows

Crypto Today: Bitcoin, Ethereum hold steady while XRP slides amid mixed ETF flows

Bitcoin eyes short-term breakout above $87,000, underpinned by a significant increase in ETF inflows. Ethereum defends support around $2,800 as mild ETF outflows suppress its recovery. XRP holds above at $1.82 amid bearish technical signals and persistent inflows into ETFs.

Bitcoin steadies near $87,000 as strong ETF inflows offset bearish pressure

Bitcoin steadies near $87,000 as strong ETF inflows offset bearish pressure

Bitcoin is attempting to stabilize, holding near $87,000 on Thursday after this week’s pullback. Institutional demand shows signs of optimism, as US-listed spot Bitcoin Exchange-Traded Funds (ETFs) recorded fresh inflows of over $457 million on Wednesday.

Orange Juice Newsletter – Smart insights by real people. Every day.

Orange Juice Newsletter – Smart insights by real people. Every day.

A free newsletter highlighting key market trends to help traders stay a step ahead. Daily insights on the most relevant trading topics, compiled by our experts in an easy-to-read format so you never miss an important move.

Bitcoin: Fed delivers, yet fails to impress BTC traders

Bitcoin: Fed delivers, yet fails to impress BTC traders

Bitcoin (BTC) continues de trade within the recent consolidation phase, hovering around $92,000 at the time of writing on Friday, as investors digest the Federal Reserve’s (Fed) cautious December rate cut and its implications for risk assets.