CertiK, a smart contract auditor, has successfully frozen $160,000 of the stolen funds from Merlin, a decentralized exchange (DEX) at the center of a recent rogue insider “rug pull.” The attack resulted in a loss of $1.8 million for Merlin users last week.
CertiK collaborates with partners to block funds
CertiK announced the news on its Twitter page on May 5, stating that it had collaborated with partners to block the stolen funds. The firm is also keeping an eye on the movement of the stolen funds, indicating that the rug pull may continue.
CertiK claims to have attempted to work with Merlin to recover the stolen funds from the April 25 “rug pull,” but the efforts were unsuccessful. As a result, the security firm turned to law enforcement in the United States and the United Kingdom to uncover the identities of the pseudonymous operators.
In a previous post, CertiK stated that it believed the “rogue developers” were based in Europe.
CertiK has committed $2 million to fight exit scams and has launched a compensation plan to cover the funds lost in the Merlin attack. The firm claims that the rogue developers abused the owner’s wallet privileges, but that the blame cannot be placed entirely on the smart contract auditors.
The firm says code audits are not meant to detect rug pulls
The firm argues that code audits are intended to uncover vulnerabilities, not to detect potential rug pulls. The company points out that many projects, both large and small, have centralization issues flagged, but the vast majority do not result in a rug pull.
While CertiK acknowledges its own failure to properly inform users of the centralization risks in Merlin, it believes that smart contract auditors should not be held fully responsible for the actions of rogue developers.
Although CertiK has successfully frozen $160,000 of the stolen funds from the recent Merlin rug pull, the attack may continue. CertiK has turned to law enforcement to uncover the identities of the pseudonymous operators responsible for the attack.
The firm is also committing $2 million to fight exit scams and has launched a compensation plan for those affected by the Merlin attack. CertiK believes that smart contract auditors should not be fully responsible for detecting rug pulls, but the company plans to place more emphasis on centralization risks in future audit summaries.