
Blockchain Security Firm Freezes $160K Stolen in Merlin DEX ‘Rugpull’

CertiK, a smart contract auditor, claims to have frozen $160,000 of the funds stolen from Merlin, a zkSync-based decentralized exchange (DEX) that was the target of a rogue insider “rugpull” that cost users $1.8 million last week.

CertiK informed its 257,700 Twitter followers on May 5 that it had frozen $160,000 of the stolen funds. “We have successfully frozen $160K of the stolen funds with the help of partners,” CertiK stated, adding that it continues to track the flow of the stolen funds.

The firm said it attempted to “collaborate” with Merlin to retrieve the funds lost in the April 25 “rugpull,” but its efforts were futile.

This prompted the firm to contact law enforcement in the United States and the United Kingdom to identify the pseudonymous operators: “This lack of cooperation has hampered our efforts to validate and assist victims. We are concentrating on collaborating with law enforcement and have provided material to appropriate US and UK authorities.”

“With the $2 million we’ve committed, we’re exploring all options to combat exit scams,” CertiK stated. According to an earlier article, the security company thinks the “rogue developers” are in Europe.

Concerning the exit scam, CertiK stated that “Merlin insiders abused the owner’s wallet privileges,” consistent with its initial finding that the incident was caused by a private key issue rather than an exploit.

Merlin says, with “high confidence,” that the rug pull was carried out by its back-end personnel. CertiK, on the other hand, blamed itself for failing to adequately educate customers on the centralization concerns.

In a message to Cointelegraph, the company said that future audit summaries would emphasise this more. “We are working to improve the clarity of our audit summaries in our reports — particularly around centralization risks — and better to communicate the purpose of an audit with the community.”

CertiK emphasized, however, that smart contract auditors should not be held entirely liable for failing to detect rug pulls: “The purpose of code audits is to find vulnerabilities, not to detect potential rug pulls. It is critical to remember that many projects, big and small, have centralization concerns that have been identified, and the great majority do not end in a rugpull,” the firm said.

On April 27, the firm announced a $2 million compensation scheme to reimburse funds lost due to the “exit scam.” The committed funds will be used to prevent exit scams and support victims when feasible, according to the firm.

