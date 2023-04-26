SNEAK PEEK

In a recent incident, the DEX Merlin, a decentralized exchange (DEX) operating on the zkSync layer 2 solutions, was hacked, resulting in a loss of $1.82 million and draining liquidity provider (LP) funds. According to reports, the hackers exploited a vulnerability in the platform’s smart contract, which allowed them to manipulate the LP tokens and drain the funds.

@TheMerlinDEX DEX on #zkSync got hacked, causing a loss of $1.82 million and drained LP. Due to recent reliability #issues, it’s recommended to perform comprehensive checks before proceeding. @PeckShieldAlert @CertiK #Crypto #CryptoNews #InvestorBites — Investor Bites (@InvestorBites) April 26, 2023

As per the reports, the stolen money on the platform is said to be linked to two wallet addresses, which are:

0x0b8a3ef6307049aa0ff215720ab1fc885007393d

0x2744d62a1e9ab975f4d77fe52e16206464ea79b7

In addition, the cybercriminals typically laundered the stolen funds by transferring them to Ethereum (ETH).

Merlin underwent a CertiK audit recently and kicked off its public sale on April 25th. Unfortunately, within less than 24 hours, hackers targeted the project. The team promptly advised users to revoke their approval of the smart contract and is currently investigating the incident.

Developer announcement Can everyone revoke connected site access on your wallets/sign permission We are analysing the exploit of our protocol and would stress that everyone carries out this step as a precaution. More updates will be provided — Merlin (@TheMerlinDEX) April 26, 2023

It’s worth noting that Merlin received a CertiK audit, a security-focused review of the project’s smart contracts. However, hackers still needed to target the project shortly after its public sale began.

CertiK, a security blockchain firm, has announced that they are investigating the DEX Merlin incident following a hack on the platform. According to the firm’s initial findings, the root cause of the issue may be due to a private key management problem rather than an exploit. Although audits cannot necessarily prevent such private key issues, CertiK aims to emphasize best practices for projects to mitigate potential risks.

We’re actively investigating the @TheMerlinDEX incident. Initial findings point to a potential private key management issue rather than an exploit as the root-cause. While audits cannot prevent private key issues, we always highlight best practices to projects. Should any foul play be discovered, we will work with the appropriate authorities and share relevant info. Stay tuned for updates. — CertiK (@CertiK) April 26, 2023

CertiK has committed to working with the appropriate authorities and sharing all relevant information if any suspicious activity is discovered. The firm urges individuals to stay tuned for future updates regarding the ongoing investigation.

