Blockchain Tech security company CertiK posted on May 4 that it has successfully blocked $160,000 in stolen funds from Merlin, a decentralized exchange according to zkSync recently hit by a rogue insider rug pull. The fraudulent activity resulted in losses of $1.8 Million for users last week.
Reports by a Twitter thread issued on May 4, CertiK reiterated that insiders pulled the Merlin DEX rug. The blockchain tech security company, on the other hand, indicated that its efforts to collaborate with Merlin to recover the funds were unsuccessful because the project’s other team members were unwilling to verify their true identities.
The lack of participation has complicated the efforts to aid victims of the exploit. Still, CertiK is working with law enforcement in the United States and the United Kingdom to reveal the identities of the pseudonymous operators in charge of the rug pull.
CertiK believes the “rogue developers” behind the scam are based in Europe. Reports by the company, the insiders at Merlin abused the owner’s wallet privileges, which is consistent with its initial finding that the challenge was related to a private key challenge rather than an exploit.
Merlin asserts that the rug pull was carried out by its back-end team, whom they had put a “ high level of trust in.”
The zkSync-based decentralized exchange was compromised on April 25, several days after its launch. CertiK noted at the time that the project had “centralization risks” in its audit of the company.
Compensation strategy worth $2 Million announced for exit scam victims
The blockchain tech security company admitted that it did not highlight this danger appropriately and that the centralized privileges should have been distinctly emphasized to make users aware of the dangers. To prevent similar incidents in the future, CertiK pledged to prioritize centralization dangers in audit summaries to secure that users have a complete image of potential dangers. CertiK announced a compensation strategy worth $2 Million to cover the losses suffered by victims of the exit scam on April 27.
The security company has likewise pledged to use the funds to assist prevent similar scams in the future and provide assistance to those influenced.