zkSync-based decentralized exchange Merlin is planning to compensate users impacted in a nearly $2 million rugpull with blockchain audit firm CertiK, according to a statement from CertiK.
The rugpull, a type of exit scam, occurred during a public sale of Merlin’s mage tokens, resulting in a significant loss of user funds.
A liquidity pool was launched for the new token and paired with a base token such as ether or a stablecoin like dai. CertiK is actively investigating the incident and plans to work closely with the Merlin team to initiate a compensation plan to cover the lost funds for affected users.
The rogue developers are suspected to be based in Europe, and CertiK plans to collaborate with law enforcement authorities to track them down if direct negotiation is unsuccessful.
Private key privileges are outside the scope of a smart contract audit, but CertiK is committed to assisting impacted users.
Despite the attack occurring despite Merlin touting an audit conducted by CertiK, the two companies are still working together to rectify the situation and compensate users who were impacted.