Blockchain security company CertiK stated that it has frozen $160,000 of the $1.8 million taken by malicious developers from Merlin DEX.
Merlin was rug-pulled by insiders, CertiK said in a May 4 Twitter discussion. The company claims that attempts to work with the other project team members were unsuccessful because they refused to confirm their real identities.
This lack of collaboration, according to CertiK, hampered its attempts to assist exploit victims. It did add, however, that it was collaborating with law enforcement to prosecute the hackers.
“We have successfully frozen $160k of the stolen assets with the help of partners,” CertiK said, adding that it is continuing to monitor the movement of the stolen funds. The firm explained that it tried to “collaborate” with Merlin to recover the funds stolen in the April 25 rug pull, but the efforts were to no avail.
The smart contract auditor also said that $2 million had been set aside to combat exit frauds. A few days after it launched on April 24, the zkSync-based decentralized exchange was hacked. In their audit of the company at the time, CertiK noted that the project posed “centralization risks”.
CertiK has confessed in a statement that it did not adequately identify this danger. It stated:
“Although the centralization risks were called out in the report, we didn’t make the impact of these findings as clear as they needed to be. The centralized privileges should have been distinctly highlighted so users were aware of the risks.”
To prevent this from happening again, it promised to “prioritize centralization risks in audit summaries to ensure users have a complete picture of potential risks.”