Smart contract auditor CertiK offered a 20% white hat bounty to rogue developers of Merlin DEX.
According to information on April 26 statementa blockchain security firm was considering a community compensation plan to cover nearly $2 million stolen.
According to CertiK, initial research revealed that the developer of the project was based in Europe. It added that it is working with law enforcement to track them down.
CertiK wrote:
“We raised the issue of private key privilege in our audit report, but we want to help affected users. We are determined to track down who is behind this carpet pull.”
The blockchain company added that it will release more information about the compensation soon.
at the beginning of the day, crypto slate reported that it has confirmed that a zkSync-based decentralized exchange has been abused. According to reports, the abuser had already transferred some of the stolen funds to cryptocurrency exchanges such as Binance and MEXC Global.
Merlin DEX Releases Postmortem
On Twitter on April 26th threadMerlin said several members of the backend team had vacated all contracts.
According to the thread, the developer who roughed up the project made over 1,000 contributions to the Github repository last year. These developers are based in Serbia and their previous projects included Discoverilla and InterFi Network.
Merlin said:
“They chose to run some on-chain transactions to operate all of Merlin’s pools, public sales, and front-end contracts. This was done by implementing the ability to allow the invoke action on all Marlin pairs.”
Merlin said it was issuing refunds to all affected users, adding that it had notified the relevant authorities in Serbia about the incident.
Meanwhile, the stolen funds are tracked to a wallet that currently holds 402 ETH (worth $783,195).
A post by CertiK offering a 20% white hat bounty to rogue developers of Merlin DEX first appeared on CryptoSlate.
