CertiK, a smart contract auditing company, recently reported blocking $160,000 from Merlin, a zkSync-based decentralized exchange. Merlin was recently involved in a “rug pull” in which users lost close to $1.8 million. A few days after the “rug pull”, CertiK took to its Twitter account to announce that it had successfully frozen $160,000 of the stolen funds.
CertiK tweeted that, with the help of partners, it had successfully recovered $160,000 of the stolen funds and that it is continuously monitoring the situation.
CertiK’s allegations
CertiK said that Merlin, the DEX involved in the “rug pull”, did not cooperate when the security firm tried to work with it to restore the funds stolen in the incident of the 25th of April. Ultimately, Merlin’s non-cooperation led the security firm to reach out to United States and United Kingdom law enforcement to inform them and to uncover the identities of the operators involved in the “rug pull”.
CertiK added that it was forced to go to the UK and US enforcement offices and reveal the details because of the lack of cooperation from Merlin, and that it is continuously trying to validate and aid victims. CertiK also said it is looking at all the options for fighting exit scams and at the $2 million it has committed.
CertiK believes that the “rogue developers” are based in Europe and that Merlin, the company involved, has the owner’s wallet privileges. Its final findings reveal that the incident happened because of a private key issue as opposed to an exploit.
Merlin, on the other hand, defended itself by saying that the “rug pull” was carried out by its back-end team, in whom it had placed a high degree of trust.
CertiK takes responsibility for the happenings
CertiK, the security firm, has taken part of the blame on itself for failing to inform users about the centralization risks that persist.
CertiK said that it is continuously working to improve the clarity of the audit summaries in its reports, to communicate better with the community about the risks that come with centralization, and to explain the purpose of audits. CertiK pleaded that smart contract auditors should not be held responsible for failing to identify a “rug pull”.
CertiK explained that the major purpose of auditors and code audits is to check for vulnerabilities, not to detect potential rug pulls. It added that many projects, both small and large, have centralization issues, and not all of them result in a rug pull.
The security firm further added that it has launched $2 million in compensation to cover the funds that were lost in the “rug pull”, and it pledged to compensate victims and to use the pledged funds to prevent further “exit scams” from happening.
Source: https://www.thecoinrepublic.com/2023/05/05/merlin-dex-rug-pull-160000-recovered-by-security-firm/