Smart contract auditor CertiK claims to have blocked $160,000 from Merlin, a zk-Sync-based decentralized exchange (DEX) which has been the center of a rogue insider "rugpull" that lost users $1.8 million last week.
CertiK shared the news of its successful $160,000 freeze of the stolen funds in an update to its 257,700 Twitter followers on May 5.
“We have successfully frozen $160K of the stolen funds with the help of partners,” CertiK said, adding that they’re continuing to monitor the movement of the stolen funds:
We have successfully frozen $160K of the stolen funds with the help of partners. We will continue to monitor the movement of all stolen funds in an attempt to freeze and recover the remaining amount.
The firm explained that they tried to “collaborate” with Merlin to recover the funds stolen from the April 25 "rugpull" but the effort was to no avail.
It led the firm to reach out to law enforcement in the United States and the United Kingdom in an attempt to uncover the identities of the pseudonymous operators:
“We are exploring all possibilities to fight exit scams with the $2M we’ve committed,” CertiK added.
The security firm believes the “rogue developers” are based in Europe, according to an earlier post.
As for the exit scam, CertiK said “Merlin insiders abused the owner's wallet privileges,” which is consistent with its initial finding that it came from a private key issue as opposed to an exploit.
Merlin claims the rug pull was carried out by its back-end team, which they claim to have put a “high degree of trust in.”
We are deeply saddened by the actions of the technical team, whom we put a high degree of trust in. Merlin will continue to support our community and resolve the issue.
Related: April’s crypto
Read more on cointelegraph.com