Merlin, a zkSync-Based DEX, Reports $1M in Losses During Public Token Sale Despite Audit
Merlin, a decentralized exchange (DEX) built on the layer-2 scaling solution zkSync, was drained of $1 million during its public token sale, despite the exchange passing an audit by cybersecurity firm Hacken.
The exchange had been conducting a public sale of its native token, MERL, when the attack took place. According to a statement from the Merlin team, the attacker exploited a vulnerability in the contract for the MERL token, allowing them to mint and sell a large number of tokens at minimal cost. The team claims that the attack was the result of a "complex and sophisticated" exploit that took advantage of a combination of vulnerabilities in the contract.
The Merlin team has since paused trading and withdrawals on the exchange and has launched an investigation into the incident. The team has also pledged to compensate affected users for their losses.
The incident highlights the risks associated with investing in decentralized finance (DeFi) projects. While DeFi offers a range of benefits, including increased transparency and accessibility, it also comes with significant risks, including smart contract vulnerabilities and the potential for hacks and exploits.
The incident also underscores the importance of security audits for DeFi projects. While audits can help to identify vulnerabilities and mitigate risks, they are not foolproof, and attackers can still find ways to exploit even audited contracts.
The Merlin team has emphasized that they are taking the incident seriously and are committed to addressing the issue and compensating affected users. The team has also announced plans to implement additional security measures, including a bug bounty program and improved monitoring and detection systems.
The incident is a reminder of the need for investors and users to exercise caution when participating in DeFi projects. While the potential rewards can be significant, the risks can also be high, and investors should conduct their due diligence and carefully assess the risks before investing in any DeFi project.
Overall, the incident is a setback for the Merlin team and the wider DeFi ecosystem. However, it also highlights the need for continued investment in security and the importance of transparency and communication in addressing incidents like these. As the DeFi ecosystem continues to grow and mature, it is likely that incidents like this will become less common, but the risks will always remain, and investors and users must remain vigilant.