Internal Rug Pull Confirmed in Merlin DEX Incident, CertiK Recovers $160K of Stolen Funds

Cointime Official

May 5 (Cointime) - Blockchain cybersecurity firm CertiK has provided an update on the Merlin DEX incident that occurred on April 25th. The incident was an internal rug pull by Merlin insiders, who took $1.8M of their users' funds by abusing the owner wallet's privileges.

Last week, Cointime reported that Merlin, the DEX built on zkSync, had experienced a liquidity drain. Merlin had recently undergone a CertiK audit and launched a public sale on April 24.

So far, $160K of the stolen funds have been frozen with the help of partners, and CertiK will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.

According to the tweet thread, CertiK initially tried to collaborate with the remaining members of the Merlin team to aid victims, but encountered difficulties because several core members were unwilling to verify their true identities. As a result, CertiK is now focusing on working with law enforcement and has submitted information to relevant US and UK agencies. The firm is also exploring all possibilities to fight exit scams with the $2M it has committed.

CertiK has admitted that although the centralization risks were called out in the report, the impact of these findings was not made clear enough. The firm stated:

"The centralized privileges should have been distinctly highlighted so users were aware of the risks. Going forward, CertiK will prioritize centralization risks in audit summaries to ensure users have a complete picture of potential risks."

Read the full thread:

This lack of cooperation has complicated our efforts to validate and aid victims. We are focusing on working with law enforcement and have submitted information to relevant US & UK agencies.

We are exploring all possibilities to fight exit scams with the $2M we’ve committed.

We have successfully frozen $160K of the stolen funds with the help of partners. We will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.

Although the centralization risks were called out in the report, we didn’t make the impact of these findings as clear as they needed to be.

The centralized privileges should have been distinctly highlighted so users were aware of the risks.

Going forward, CertiK will prioritize centralization risks in audit summaries to ensure users have a complete picture of potential risks.

We recognize that audit reports can be highly technical documents, and it’s our job to communicate the risks clearly and transparently.

To clarify: the $2 million we have pledged will be used to fight exit scams as well as help scam victims.
