Crypto security firm CertiK is working on a compensation plan for users impacted by the almost $2 million rug pull of the Merlin decentralized exchange, the company said via Twitter on 26 April.
According to the announcement, CertiK continues its investigation into the Merlin DEX exit scam, and is now working with the remaining Merlin team members on a community complensation plan to cover the close to $2 million in stolen funds. The firm’s initial investigation indicated that the developers behind the incident were based in Europe, and is now working with law enforcement authorities to track then down.
The Merlin incident took place on Wednesday morning during the public sale of the DEX’s Mage (MAGE) tokens. While initially believed to be a hack, the incident was eventually confirmed to be a rug pull conducted by several developers. Around $1.8 million were stolen from the zkSync-based DEX, which had its code audited by CertiK only days before the incident.
Many on Crypto Twitter were quick to place the blame for the incident on CertiK’s security audit, but the company pointed out that its audit warned of several risks, including the developers access to funds deposited in the smart contract. CertiK also noted that while it is possible to identify potential risks and vulnerabilities in the code, the company is unable to prevent malicious activities from rogue developers.