On April 26th, the decentralized exchange Merlin fell victim to a security breach, resulting in a loss of $1.82 million. Researchers from PeckShield and several community members identified the exploit and shared the attacker’s addresses. The stolen funds, primarily USDC tokens, were transferred from zkSync to Ethereum.
Following the incident, community members have urged Circle to freeze the compromised funds. However, it seems premature for Circle to intervene, considering the hack occurred only hours ago. While the Merlin team has not yet commented on the situation through their official Twitter account, the crypto community has fervently discussed the event.
How the Merlin DEX Hack Transpired
The attacker managed to deplete the liquidity pool of the Merlin DEX, a project built on the zkSync platform. This suggests that the attacker exploited the smart contracts governing the liquidity pool. Despite undergoing audits, DeFi platforms continue to be prime targets for hackers, with hundreds of millions of dollars already stolen this year.
Merlin, launched just a few days prior, gained significant attention due to its zkSync foundation and numerous established partnerships. In addition, the platform’s primary feature, Core Farming Pools, attracted millions of dollars within days of its launch.
zkSync and the MAGE Token Presale
As a Layer 2 zk-rollup-based scaling solution for Ethereum, zkSync is hosting a public sale for the MAGE token. The hack’s impact on the presale remains uncertain, but investors will likely approach the platform cautiously.
The recent hack has sparked additional concerns among the crypto community, given that Merlin was audited by renowned security firm CertiK just days before its launch. The incident underscores the importance of security and risk mitigation in the industry and the potential limitations of audits.
CertiK’s Track Record and the Future of DeFi Audits
CertiK has previously audited several projects that later experienced hacks, including PancakeBunny, Uranium Finance, and Meerkat Finance. This has led the crypto community to question the quality and effectiveness of these audits.
CertiK also faced criticism for its audit of Terra, mainly due to a founder’s excessively laudatory statement regarding Terra’s design. The combination of hacks following audits and the Terra controversy has left the crypto community increasingly skeptical.
In light of these events, the necessity of DeFi audits is being called into question. To regain public trust, projects must prioritize the quality of audits and focus on developing secure, impenetrable designs.