CertiK freezes $160,000 stolen from Merlin DEX

CertiK, a smart-contract security auditing company, announced the freezing of $160,000 withdrawn from the Merlin decentralised exchange following the exploit.

We have successfully frozen $160K of the stolen funds with the help of partners. We will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.

— CertiK (@CertiK) May 4, 2023

“We will continue to monitor the movement of all stolen funds in an attempt to block and recover the remaining amount,” said CertiK representatives.

On 26 April, the platform’s main liquidity pools were drained. The team reported the exploit and urged users to revoke approvals for all smart contracts.

Merlin noted that the funds were withdrawn by several members of the technical team, organizing a rug pull.

CertiK also confirmed the developers’ involvement in the incident. The company has already contacted law enforcement agencies in the United States and the United Kingdom for assistance in the investigation.

“It was an internal struggle. Merlin insiders abused the privileges of the wallet owner. At first we tried to cooperate with the remaining Merlin team members, but several people did not wish to verify their true identities,” security experts explained.

Earlier, the Merlin team announced the development of a compensation plan in coordination with CertiK. They also proposed that the alleged perpetrators take a 20% reward of the withdrawn funds and return the rest.

In April, the attacker who stole about $9 million from the SafeMoon DEX liquidity pool on the BNB Chain agreed to return 80% of the funds.