- PeckShield reported an exploit on the Merlin decentralized exchange (DEX) on zkSync.
- Stolen USDC as reported by the community has reached $1.82 million as of press time.
- The Merlin team is yet to make any statement concerning the hack.
There has been an exploit on the Merlin decentralized exchange (DEX) on zkSync, according to the blockchain security company, PeckShield. According to initial reports, one exploiter stole nearly 850,000 USDC from the DEX and bridged them to Ethereum.
#PeckShieldAlert Our community contributor has reported that Merlin #DEX on #zksync was exploited. One of the exploiters 0x2744…9b7 has grabbed ~850K $USDC and bridged them to #Ethereum https://t.co/hfgjJJY7Ml pic.twitter.com/07uSGMAt7e— PeckShieldAlert (@PeckShieldAlert) April 26, 2023
Further reports by PeckShield revealed hackers transferred nearly 165,000 USDC to Binance and MEXC centralized exchanges. They sent 31,000 USDC to Binance and almost 133,800 USDC to MEXC.
Apart from PeckShield, other community members also shared details about the exploit, with the reported amount drained from a liquidity pool on the DEX reaching $1.82 million as of the time of writing.
While reporting the hack, community members provided the wallet addresses behind the exploit and asked Circle to freeze the funds. However, the USDC stablecoin manager was yet to respond to the request as of press time. The Merlin team was also yet to make any statement concerning the hack. Most of the discussions and information provided so far are from community members discussing the exploits on Twitter.
Some community members reporting the hack cast aspersions at Certik Audits, suggesting the possibility of a deliberate exploit by the project’s insiders in a rug pull. One community member warned users to stay away from the project’s website and avoid interacting with its contracts.
SAFETY UPDATE: Merlin dex is NOT safe, do not interact with the website or the contracts. It's either been exploited or hard rugged. Very sorry for anyone who was affected, we lost 150K, what good is a certik audit if on day 2 a protocol gets drained? https://t.co/OaMGCxem57— Digits Capital (@DigitsCapital) April 26, 2023
The Merlin exploit represents another setback in the DeFi market recently targeted by hackers. Several DeFi platforms have been vulnerable to security breaches, despite rigorous vetting by auditing companies like Certik Audits. Several millions of dollars have been stolen this year alone from DeFi projects due to exploits.
Merlin is one of the DeFi projects that launched recently. It attracted a lot of attention because it was built on zkSync, and established multiple partnerships with some renowned platforms in the industry. The platform’s Core Farming Pools is a flagship product that drew significant attention and attracted millions of funds in the few days it has existed.
The post Certik-Audited Merlin DEX Loses $1.82M to Liquidity Pool (NASDAQ:POOL) Exploit appeared first on Coin Edition.