CertiK says it highlighted ‘centralization risks’ in Merlin DEX audit CertiK says it highlighted ‘centralization risks’ in Merlin DEX audit
Blockchain security firm Peckshield reported that the Merlin DEX exploiter is already sending some of the stolen funds to exchanges.
1 min read
Updated: Apr. 26, 2023 at 10:34 am UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Merlin, a decentralized exchange (DEX) based on Ethereum (ETH) layer-2 protocol zkSync, confirmed it was exploited despite being audited by smart-contract auditor CertiK.
The DEX advised everyone connected to its site to revoke their wallets/sign permission. The team added that it was analyzing the exploit and urged everyone to follow its issued instruction.
Merlin was yet to respond to CryptoSlate’s request for comment as of press time.
CertiK says the hack is a potential private key management issue
CertiK said its initial investigations into the hack showed that it was a potential private key management issue rather than an exploit as the root cause.
The blockchain security firm noted that it highlighted the “centralization risk” under โDecentralization Efforts” in its audit of the firm. CertiK added that “audits cannot prevent private key issues.”
Meanwhile, CertiK assured that it would share relevant information with the authorities if it suspects foul play.
Despite CertiK’s explanations, some crypto community members have questioned the validity of the audits performed by the firm. CertiK is one of the biggest names in the blockchain security business.
MerlinDEX exploiter moving funds to exchanges
Blockchain security firm Peckshield reported that the Merlin DEX exploiter is already sending some of the stolen funds to exchanges.
According to the firm, the exploiter sent $133,800 USDC to MEXC Global and $31,000 USDC to Binance.
Meanwhile, available information shows that two addresses were responsible for the exploit. An address starting with 0x2744 took $850,000 USDC and bridged it to Ethereum โ while the other address, 0x2744d62, stole $844,000 USDC.
Mentioned in this article
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
Editor Editor 
Josh O'Sullivan
Josh has been writing for a decade and is passionate about mainstream crypto adoption, bringing positive financial change to the masses through crypto and decentralized finance.
In this article
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
USD Coin
$1.00022
USD Coin (USDC) is a stablecoin fully backed by the US dollar and developed by the CENTRE consortium.
CertiK
Founded in 2018 by professors of Yale University and Columbia University, CertiK is a pioneer in blockchain security, utilizing best-in-class AI technology to secure and monitor blockchain protocols and smart contracts.