CertiK, a blockchain security company, recently claimed that it has successfully frozen $160,000 in stolen funds from Merlin, a decentralized exchange based on zkSync, that experienced an insider “rug pull” last week, costing users $1.8 million.

In a recent update, CertiK confirmed that it was able to block the stolen funds with the assistance of its partners and is closely monitoring the movement of these funds. However, the firm noted that its attempts to recover the funds through collaboration with Merlin proved unsuccessful.

CertiK has since reached out to law enforcement agencies in the United States and the United Kingdom for help in identifying the pseudonymous operators behind the scam.

The security company suspects that the rogue developers are based in Europe. CertiK added that it is exploring all possible ways to fight exit scams using the $2 million it has committed.

According to CertiK, the Merlin insiders abused the owner’s wallet privileges to carry out the rug pull, which was consistent with the company’s initial finding that the incident resulted from a private key issue, rather than an exploit.

Merlin claimed that the back-end team, in which the company put a “high degree of trust,” was behind the scam. CertiK, however, partially blamed itself for failing to properly inform users about centralization risks.

In light of this event, CertiK has pledged to place more emphasis on centralization risks in its future audit summaries to improve the clarity of the reports and better communicate with the community.

However, CertiK emphasized that code audits serve to uncover vulnerabilities and not to detect potential rug pulls, adding that many flagged centralization issues in various projects, both large and small, do not result in rug pulls.

CertiK launched a $2 million compensation plan to cover the funds lost in the exit scam and prevent such incidents while assisting victims where possible.
