CertiK to Compensate Victims of Merlin DEX Rug Pull

  • Security firm CertiK had conducted an audited of Merlin’s code only days before rogue developers stole close to $2 million from the project.
  • The company is now working with the remaining Merlin team members on a community compensation plan to cover the stolen funds.


Crypto security firm CertiK is working on a compensation plan for users impacted by the almost $2 million rug pull of the Merlin decentralized exchange, the company said via Twitter on 26 April.

According to the announcement, CertiK continues its investigation into the Merlin DEX exit scam, and is now working with the remaining Merlin team members on a community complensation plan to cover the close to $2 million in stolen funds. The firm’s initial investigation indicated that the developers behind the incident were based in Europe, and is now working with law enforcement authorities to track then down.

The Merlin incident took place on Wednesday morning during the public sale of the DEX’s Mage (MAGE) tokens. While initially believed to be a hack, the incident was eventually confirmed to be a rug pull conducted by several developers. Around $1.8 million were stolen from the zkSync-based DEX, which had its code audited by CertiK only days before the incident.

Many on Crypto Twitter were quick to place the blame for the incident on CertiK’s security audit, but the company pointed out that its audit warned of several risks, including the developers access to funds deposited in the smart contract. CertiK also noted that while it is possible to identify potential risks and vulnerabilities in the code, the company is unable to prevent malicious activities from rogue developers.

Related Coverage
CEO of Collapsed Turkish Exchange Sentenced to 11,000 Years in Prison
  • Faruk Özer and his two siblings were sentenced to 11,196 years in prison for their involvement in the $2 billion rug pull of Turkish crypto exchange Thodex in 2021.
  • Özer fled the country after the collapse of the exchange, but was detained in Albania a year later, and extradited back to Türkiye in April 2023 where he faced seven criminal charges.
September 8, 2023, 1:10 PM


Coinbase’s Layer-2 Network Base Completes Security Audits
  • Coinbase’s protocol security team and over 100 external security researchers were involved with testing the upcoming layer 2 Base blockchain over the past six months.
  • The project said it has now completed four out of five criteria for Base’s mainnet launch, with the remaining one being to demonstrate “testnet stability”.
Crypto Lender Kokomo Finance Conducts $4M Exit Scam
  • Blockchain security firm CertiK warned that the team behind Kokomo Finance have executed a rug pull on Sunday, and stolen around $4 million in user funds.
  • The website and social media accounts of the Optimism-based crypto lender have all been deleted, while its KOKO native token fell by more than 98%.