Over $1.8 million was stolen in a zkSync DEX Merlin attack


The crypto industry has recently received reports of a new major hack, and this time, online criminals have targeted zkSync’s DEX Merlin. According to the founder of 0xScope, 0xBobie, the stolen funds were sent to two separate wallets:

  • 0x0b8a3ef6307049aa0ff215720ab1fc885007393d
  • 0x2744d62a1e9ab975f4d77fe52e16206464ea79b7

Meanwhile, Wu Blockchain officials have said that the public sale and the launch of Core Farming Pools were delayed in order for Certik to complete its audit and reassure investors that everything is in order. But shortly after the audit was completed and Merlin finally started its public sale, an unknown individual targeted the project, stealing $1.82 million along the way.

WuBlockchain said that “zkSync DEX Merlin which got Certik Audit was hacked, more than $1.82 million in stolen funds, LP has been drained. Recently, the zkSync project has mixed quality. please check carefully.”

Looking into the issue, Certik responded by saying that the initial findings point to a potential private key management problem rather than an exploit as the root cause. The company added that audits could not prevent issues involving private keys, but even so, Certik itself always highlights best practices for the projects.

The investigation of the incident

The company said in a tweet that it is actively investigating the incident, which happened soon after the project successfully passed its audit. The only issue the project found with the DEX is the matter of centralization, highlighted under the section “Decentralization Efforts.” It added that the discovery of any foul play would be handled quickly by notifying the appropriate authorities.

Due to Certik’s close involvement with the project, the company’s founder was interviewed by Chinese media. He expressed pride in the firm’s accomplishments so far, stating that Certik has made major strides in blockchain security and has achieved a 70% share of the crypto security market. He further claimed that the company had reduced the cost of Web3 security audits by over 90%. This would likely encourage others to seek audits from the firm moving forward.

Naturally, the community was not too happy with the incident, and many have started calling Merlin a rug on Twitter. Someone even reported alleged “malicious code” in the project’s code. However, this was explained as backdoor code (L87-88) that allows the feeTo of MerlinFactory to transfer all assets in the pair in addition to the fee in the swap function. The same individual who reported the backdoor, Thanh Nguyen, founder of blockchain security firm Verichains, concluded that the insertion of a backdoor was intentional rather than a result of centralization, as suggested by Certik’s response.
