Rug pull: Merlin siphoned off by its back-end developers

The DEX Merlin was the victim of a rug sweater orchestrated by several of his developers. The DeFi protocol seeks today, with the blockchain auditor Certik, à compensate the users affected.

On Wednesday, the zkSync-based cryptocurrency exchange protocol announced that its service had been hacked, without further details. The auditor of its smart contracts, Certikindicated at the same time that it was a private key management problem and not a classic hacking, naturally making one think of yet another rug pull.

Last night, Merlin finally communicated on the subject and confirmed that it was indeed a rug sweateror an exit scam. This time, it is not the founders of the project who disappeared with the cash but some of its developers.

It is with the deepest regret that we must inform you of a major defect in the structural integrity and controls of the Merlin platform […] Members of the Back-End team have voided all of our contracts,” Merlin wrote in a thread on Twitter.

DEX recalled that the highly regarded blockchain security startup Certik had completed a full audit of its contracts. “However, there was a clear oversight of the overall power the owner had over the pools “he said.

Merlin is currently collaborating with Certik to return the funds to the victims. The blockchain specialist, for its part, said it was working on setting up a “community reimbursement plan “ to cover sunk costs in the rug pull, the equivalent of about 2 million dollars in various tokens.

Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down. We urge them to accept a 20% White Hat bounty. Although we raised the private key privilege issues in the audit report, we want to help affected users.” tweeted Certik.

Follow Corners.en on Twitter, Linkedin, Facebook or Telegram to not miss anything.