Share this article
Tech
ZkSync-Based DEX Merlin Drained of $1.8M During Public Token Sale Despite ‘Audit’
The project garnered hype among Crypto Twitter users for its attractive yield offered on deposits.
Updated Apr 27, 2023, 10:29 a.m. Published Apr 26, 2023, 5:53 a.m.
New zkSync-based decentralized exchange Merlin was seemingly exploited for over $1.8 million Wednesday morning during a public sale of its mage (MAGE) tokens.
Exploiters drained some $850,000 worth of USD coin (USDC) from Merlin along with some more relatively illiquid tokens. As such, blockchain data suggested that an entity with control of the liquidity pool was able to drain the funds easily – meaning this was not a complex or sophisticated exploit.
The attack occurred despite Merlin touting an audit conducted by blockchain security firm CertiK. “No Critical Findings,” the audit concluded, as CertiK’s website data shows.
Merlin was offering its MAGE tokens in a public sale to investors in a three-day event without any hard cap. “$MAGE will begin trading at $45, with a $850K market value. The total amount raised will determine the final price of tokens for all users,” developers said Tuesday.
Merlin developers did not issue any statement regarding the funds drain on Wednesday at press time.
On-chain data provided by Arkham Intelligence reveals that $1.82 million in total had been stolen, with the funds being bridged back to the Ethereum network before being converted to ether.
UPDATE (April 26, 14:33 UTC): Updates total amount stolen, adds details that hacker bridged funds to Ethereum.
UPDATE (April 26, 16:37 UTC): Adds information about CertK's Twitter response to the loss of funds, including plans for compensation.
UPDATE (April 27, 10:29 UTC): Removes Certik's Twitter response from end of story after company deletes tweet.
Shaurya Malwa
Shaurya is the Co-Leader of the CoinDesk tokens and data team in Asia with a focus on crypto derivatives, DeFi, market microstructure, and protocol analysis. Shaurya holds over $1,000 in BTC, ETH, SOL, AVAX, SUSHI, CRV, NEAR, YFI, YFII, SHIB, DOGE, USDT, USDC, BNB, MANA, MLN, LINK, XMR, ALGO, VET, CAKE, AAVE, COMP, ROOK, TRX, SNX, RUNE, FTM, ZIL, KSM, ENJ, CKB, JOE, GHST, PERP, BTRFLY, OHM, BANANA, ROME, BURGER, SPIRIT, and ORCA. He provides over $1,000 to liquidity pools on Compound, Curve, SushiSwap, PancakeSwap, BurgerSwap, Orca, AnySwap, SpiritSwap, Rook Protocol, Yearn Finance, Synthetix, Harvest, Redacted Cartel, OlympusDAO, Rome, Trader Joe, and SUN.
