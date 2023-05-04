Exchange
Blockchain and crypto asset exchange
Academy
Blockchain and crypto education
Learn & Earn
Earn free crypto through learning
Charity
Powering blockchain for good
Cloud
Enterprise exchange solutions
DEX
Fast and secure decentralized digital asset exchange
Labs
Incubator for top blockchain projects
Launchpad
Token Launch Platform
Research
Institutional-grade analysis and reports
Trust Wallet
Binance's official crypto wallet
Binance Gift Card
Customizable crypto gift card
Binance Live
Bringing blockchain broadcasts to you live
BABT
Verified user credentials for the Web3 era
DeFi Wallet
Meet the next-generation Web3 wallet
OTC Trading
Spot, Options, Algo Orders and more
Accept Crypto Payment
Allow your customers to pay with crypto
Buy Crypto
Pay with
Markets
Markets Overview
Overview of the crypto market with real-time prices and key data
Trading Data
View top market movers and price performance
Trade
Binance Convert
The easiest way to trade
Spot
Trade crypto with advanced tools
Margin
Increase your profits with leverage
Trading Bots
Trading made easy, trade like a pro
P2P
Bank transfer and 100+ options
Swap Farming
Swap to earn BNB
Fan Token
Upgrade your fan experience
OTC Block Trading
RFQ and trade large spot orders
Derivatives
USDⓈ-M Futures
Perpetual or Quarterly Contracts settled in USDT or BUSD
COIN-M Futures
Perpetual or Quarterly Contracts settled in Cryptocurrency
Options
Buy and Sell European-style Options.
Leveraged Tokens
Enjoy increased leverage without risk of liquidation
Leaderboard
Exclusive ranking for Binance traders, follow top traders' strategies
Binance Futures Overview
View our full range of crypto-derivative instruments
Futures Markets
View trends and opportunities in the Futures Markets before trading
Responsible Trading
Learn how you could practice responsible trading with Binance Futures
Blog
Expand your knowledge and get the latest insights in Derivatives Trading
VIP Portal
VIP Exclusive, Tailor-made Institutional Grade Services
Earn
Binance Earn
One-stop Investment Solution
Launchpad
Token Launch Platform
Simple Earn
Earn daily rewards on your idle tokens
DeFi Staking
Easy Access to DeFi Opportunities
BNB Vault
Earn Multi-benefits with BNB
Dual Investment
Commit your crypto holdings and enjoy high returns
Liquidity Farming
Add liquidity and earn double
Auto-Invest
new
Accumulate crypto on autopilot
Binance Pool
Mine more rewards by connecting to the pool
ETH Staking
One click staking, rewards paid daily
Range Bound
new
Earn high rewards when the market moves sideways
NFT
Institutional
Institutional Home
Premium digital asset solutions for institutions
Link
Connect and grow with Binance liquidity solutions
Asset Management Solutions
Discover various asset management solutions
VIP Portal
One-stop station made for VIP and institutions
Custody
Secure digital assets with leading infrastructure
VIP Loan
Bespoke institutional loan with wide coverage
APIs
Unlimited opportunities with one key
Historical Market Data
Your all-in-one trading data repository
Execution & OTC Services
Execution & OTC Services
Feed
USD
Flash news
copy link
create picture
more

Blockchain Security Firm Freezes $160K Stolen in Merlin DEX 'rugpull'

Cointelegraph By Brayden Lindrea
2023-05-07 11:17
Full disclaimer: This platform includes third party opinions. We do not endorse their accuracy. Digital asset prices can be volatile. Do your own research. See full terms here.
Smart contract auditor CertiK claims to have blocked $160,000 from Merlin, a zk-Sync-based decentralized exchange (DEX) which has been the center of a rogue insider "rugpull" that lost users $1.8 million last week.
CertiK shared the news of its successful $160,000 freeze of the stolen funds in an update to its 257,700 Twitter followers on May 5.
“We have successfully frozen $160K of the stolen funds with the help of partners,” CertiK said, adding that they’re continuing to monitor the movement of the stolen funds:
We have successfully frozen $160K of the stolen funds with the help of partners. We will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.
— CertiK (@CertiK) May 4, 2023
The firm explained that they tried to “collaborate” with Merlin to recover the funds stolen from the April 25 "rugpull" but the effort was to no avail.
It led the firm to reach out to law enforcement in the United States and the United Kingdom in an attempt to uncover the identities of the pseudonymous operators:
“This lack of cooperation has complicated our efforts to validate and aid victims. We are focusing on working with law enforcement and have submitted information to relevant US & UK agencies.”
“We are exploring all possibilities to fight exit scams with the $2M we’ve committed,” CertiK added.
The security firm believes the “rogue developers” are based in Europe, according to an earlier post.
As for the exit scam, CertiK said “Merlin insiders abused the owner's wallet privileges,” which is consistent with its initial finding that it came from a private key issue as opposed to an exploit.
Merlin claims the rug pull was carried out by its back-end team, which they claim to have put a “high degree of trust in.”
We are deeply saddened by the actions of the technical team, whom we put a high degree of trust in. Merlin will continue to support our community and resolve the issue.
— Merlin (@TheMerlinDEX) April 26, 2023
CertiK, on the other hand, attributed part of the blame to themselves for failing to properly inform users of the centralization risks.
In a note to Cointelegraph, the firm said they would place more emphasis on this in future audit summaries.
“We are working to improve the clarity of our audit summaries in our reports - especially around centralization risks — and to better communicate with the community about the purpose of an audit.”
Going forward, CertiK will prioritize centralization risks in audit summaries to ensure users have a complete picture of potential risks. We recognize that audit reports can be highly technical documents, and it’s our job to communicate the risks clearly and transparently.
— CertiK (@CertiK) May 4, 2023
CertiK however stressed that smart contract auditors shouldn’t be held fully responsible for failing to identify rug pulls:
“Code Audits serve the purpose of uncovering vulnerabilities, not to detect a potential rugpull. Its important to recognize that many projects both large and small have centralization issues flagged, and the vast majority do not result in a rugpull,” the firm said.
The firm launched a $2 million compensation plan to cover the funds lost as a result of the “exit scam” on April 27.
The firm added that the funds pledged will be used to prevent exit scams and assist victims where possible.
View full text