CertiK says it highlighted ‘centralization risks’ in Merlin DEX audit
Merlin, a decentralized exchange (DEX) based on the Ethereum (ETH) layer 2 protocol zkSync, has confirmed that it has been exploited despite being audited by smart contract auditor CertiK.
The DEX advised everyone who had connected to the site to revoke their wallet/signing permissions. The team added that it was analyzing the exploit and urged everyone to follow the issued instructions.
Merlin had not yet responded to CryptoSlate’s request for comment as of press time.
CertiK says hack is a potential private key management problem
CertiK said initial research into the hack indicated that the root cause was not an exploit but a potential private key management issue.
The blockchain security firm said an audit of the company highlighted “centralization risks” under “decentralization efforts.” CertiK added that “audits cannot prevent private key problems.”
Meanwhile, CertiK has assured that it will share relevant information with authorities if fraud is suspected.
Despite CertiK’s explanations, some members of the cryptocurrency community have questioned the validity of the audits conducted by the company. CertiK is one of the biggest names in the blockchain security business.
Merlin DEX Exploiters Move Funds to Exchanges
Blockchain security company PeckShield reported that the Merlin DEX exploiters have already transferred some of the stolen funds to exchanges.
According to the company, the exploiters transferred 133,800 USDC to MEXC Global and 31,000 USDC to Binance.
Meanwhile, available information indicates that two addresses were responsible for the exploit. The address starting with 0x2744 got 850,000 USDC and bridged it to Ethereum, while the other address 0x2744d62 stole 844,000 USDC.
The post “CertiK says it highlighted ‘centralization risks’ in Merlin DEX audit” first appeared on CryptoSlate.