- Merlin, a new DEX on zkSync Era, lost $1.82 due to a bug in its smart contracts or private key mismanagement.
- Just two days ago, Merlin passed CertiK’s code audit.
- Some evidence points to an inside job by Merlin’s anonymous developers.
2023 has been one of the worst years for decentralized exchanges in terms of hacking incidents. Multiple DeFi projects on various blockchains have been exploited for millions of dollars.
And the trend is continuing. On Wednesday, a decentralized exchange on zkSync Era got hacked for $1.82 million.
DEX on zkSync Hacked for $1.82 Million
Merlin, a new decentralized exchange on Ethereum Layer-2 zkSync Era, experienced a costly exploit on Wednesday. The exchange was hacked for $1.82 million.
The hack is especially interesting because of suspicious timing. Merlin received a code audit on Monday from CertiK, one of the most reputable smart contract auditors.
In the audit, CertiK said it found no potential bugs that may lead to exploits. However, the firm did mention in the audit that there are certain centralization risks related to how Merlin is managing its private keys.
Reacting to the incident, CertiK said that the exploit is most likely related to a potential “private key management issue” rather than an “exploit as the root-cause.”
“While audits cannot prevent private key issues, we always highlight best practices to projects. Should any foul play be discovered, we will work with the appropriate authorities and share relevant info. Stay tuned for updates.”
Merlin itself has only acknowledged the incident and asked to “revoke connected site access on your wallets/sign permission” but hasn’t yet offered any more details.
And it’s possible that it won’t. Some users are pointing out that the Merlin hack was likely carried out by Merlin insiders due to a bug left out intentionally in the smart contracts.
On top of that, Merlin had just begun publicly selling its token, MAGE. Some users have also pointed out that the developers behind Merlin are anonymous.
On the Flipside
- It’s possible that the hack happened because of honest mismanagement of private keys. However, this is still to be seen as no new information is currently available.
Why You Should Care
Users who want to use decentralized exchanges, especially those just launched, should be extra careful.
Read more about a recent KuCoin Twitter hack:
How to Stay Safe After the KuCoin Twitter Hack
Read more about Visa’s plans with crypto:
Visa Is Hiring Software Engineers for ‘Ambitious’ Crypto Product Roadmap
Credit: Source link