In a major blow to the decentralized exchange (DEX) community, it was reported that DEX Merlin on the zkSync network was hacked, resulting in the loss of $1.82M worth of assets.
On Wednesday morning, hackers drained $850,000 in USD Coin (USDC) from Merlin, along with some other rather illiquid tokens.
The hack has sent shockwaves throughout the blockchain industry and highlights the continued vulnerability to cyberattacks. According to 0xBobie, the founder of OxScope, the stolen money was discovered in two wallets.
The attacker emptied the liquidity pool of the Merlin DEX. The project, which is built on zkSync, is one of the network’s more noteworthy applications. The fact that the attacker drained the liquidity pools suggests that they engineered the smart contracts in the liquidity pools. Despite Merlin’s audit by blockchain security firm CertiK, the hack occurred. The audit was concluded with “No Critical Findings,” according to CertiK’s website data.
The official launch of the Core Farming Pools and the public sale, according to Wu, was postponed until the Audit by Certik was finished in order to reassure potential investors. Unfortunately, the money was stolen by an unknown culprit shortly after the audit was completed and Merlin launched the public sale.
In response to the hack, Certik announced that they are actively investigating the MerlinDEX incident.
”Initial findings point to a potential private key management issue rather than an exploit as the root-cause.” “While audits cannot prevent private key issues, we always highlight best practices to projects. Should any foul play be discovered, we will work with the appropriate authorities and share relevant info.”
This incident raised worries about the security of DEXs and the necessity for further security to protect users’ funds. While DEXs provide a more decentralized and user-friendly alternative to traditional centralized exchanges, they are nonetheless vulnerable to attacks due to their open nature.
Read Also: List of popular launchpads on Zksync