Exploiting zkSync-based decentralized exchange Merlin for $1.82 million

CertiK-audited DEX Merlin faces a $1.82 million hack. The attacker drained funds from the DEX liquidity pool, which is built on top of zkSync.

Decentralized exchange Merlin was hacked on April 26, losing $1.82 million. PeckShield and several community members indicated that the exchange was exploited, and provided addresses of the exploiters. The funds, which took the form of USDC tokens, were transferred from zkSync to Ethereum.

Another DeFi exploit

members of their community Requested Circle froze the funds, though it seems too early for Circle to take any action, as the hack happened only hours earlier. Merlin’s team has not released any statement regarding the incident, at least on Twitter. However, the cryptocurrency community has been vociferously discussing the incident.

Funds moved from Merlin DEX attack: PicShield

The attacker has exhausted the liquidity pool on Merlin DEX. The project, built on zkSync, is one of the most popular applications on the net. The fact that the attacker has depleted the liquidity pool is an indication that he has somehow designed the smart contracts for the liquidity pool.

This incident is another one in the DeFi market, which continues to be a prime target for hackers. Despite being subject to audits, DeFi platforms are still vulnerable to security breaches, with hundreds of millions already drained this year.

What is Merlin?

Merlin was launched only a few days ago. It made a lot of noise because it was built on top of zkSync and even managed to create several partnerships. The main offering of the platform is its core cultivation pools, which have attracted many millions in just a few days.

DEX is built on top of zkSync, a zk layer 2 based scaling solution for Ethereum. You are currently running the public sale of the MAGE token. It is unclear what effect the hack will have on pre-sales. However, investors will be wary of the platform for now.

DeFi audits are being put into question

The cryptocurrency community will be doubly wary because just days before the launch, the platform It is audited by the well-known security company CertiK. However, it should be noted that audits have become a basic necessity in the crypto market. Moreover, the fact that an audit from a company like CertiK has caught the attention of the crypto community indicates that the community values ​​the importance of security and risk mitigation in the industry.

In fact, CertiK has audited many projects in the past that have subsequently been hacked. The list includes PancakeBunny, Uranium Finance, and Meerkat Finance. The end result is what the crypto community is Growing suspicious on the quality of audits.

CertiK audit too terra, which drew its own criticism for a statement based on the Terra’s design, which was lavish in its praise. Hack mix that followed audits and formulations About Terra, the cryptocurrency community is becoming more wary.

As such, DeFi audits are being called into question, though necessary. Projects will have to focus on the quality of these audits and their water tight designs to win over the public.


Adhering to the Trust Project’s guidelines, BeInCrypto is committed to providing unbiased and transparent reporting. This news article aims to provide accurate and timely information. However, readers are advised to independently check the facts and consult with a professional before making any decisions based on this content.

Leave a Reply

Your email address will not be published. Required fields are marked *