1/ CertiK is exploring a community compensation plan to cover the ~$2M of user funds lost in the Merlin DEX rug pull. Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down.
— CertiK (@CertiK) April 26, 2023
Developer announcement 📢
Can everyone revoke connected site access on your wallets/sign permission https://t.co/YRxH7IUU4T
We are analysing the exploit of our protocol and would stress that everyone carries out this step as a precaution.
More updates will be provided
— Merlin (@TheMerlinDEX) April 26, 2023
📢 We did some research on Merlin smart contracts and we identified the malicious code responsible for the draining of funds.
These two lines of code in the initialize function are essentially granting approval for the feeTo address to transfer an unlimited (type(uint256).max)… pic.twitter.com/mIksh4HkhB
— eZKalibur ∎ (@zkaliburDEX) April 26, 2023
Give me your money. Yes, Sir!
It's like a bank pre-authorizes that the owner of the bank can arbitrarily withdraw all customers' money.
If you know this, will you still deposit your tokens into the bank?
— Yajin (Andy) Zhou (@yajinzhou) April 26, 2023
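An added example, not code from Merlin, eZKalibur or any of the accounts quoted above: a small pre-deposit review check that flags the pattern the eZKalibur post describes, an unlimited (`type(uint256).max`) token approval granted inside a contract's `initialize` function or constructor. The Solidity sample is constructed for illustration (only `initialize`, `feeTo` and `type(uint256).max` come from the post), and the scanner is a text heuristic that does not parse comments or strings.

```python
import re

# Constructed sample, NOT the Merlin contract: a pair whose initializer
# grants an unlimited allowance on both tokens to a privileged address.
SAMPLE = """
contract Pair {
    address public token0; address public token1; address public feeTo;
    function initialize(address _t0, address _t1) external {
        token0 = _t0; token1 = _t1;
        IERC20(token0).approve(feeTo, type(uint256).max);
        IERC20(token1).approve(feeTo, type(uint256).max);
    }
    function swap(uint256 amt, address to) external { IERC20(token0).transfer(to, amt); }
}
"""

# Setup code runs once at deployment, where a hidden approval is easy to miss.
SETUP_FN = re.compile(r"\b(?:function\s+(initialize\w*)|(constructor))\s*\(")
# approve/safeApprove(spender, <max uint256>) in its common spellings.
UNLIMITED = re.compile(
    r"\.(approve|safeApprove)\s*\(\s*([^,()]+?)\s*,\s*(type\s*\(\s*uint256\s*\)"
    r"\s*\.max|uint256\s*\(\s*-1\s*\)|~\s*uint256\s*\(\s*0\s*\))\s*\)"
)

def function_body(src, start):
    """Return (body, offset of body in src), or None for a bodiless declaration."""
    semi, brace = src.find(";", start), src.find("{", start)
    if brace == -1 or (semi != -1 and semi < brace):
        return None  # interface or abstract declaration: nothing to scan
    depth = 0
    for i in range(brace, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[brace + 1:i], brace + 1
    raise ValueError("unbalanced braces")

def find_unlimited_setup_approvals(src):
    """List (function, spender, line) for each unlimited approval in setup code."""
    findings = []
    for m in SETUP_FN.finditer(src):
        found = function_body(src, m.end())
        if found is None:
            continue
        body, offset = found
        for a in UNLIMITED.finditer(body):
            line = src.count("\n", 0, offset + a.start()) + 1
            findings.append((m.group(1) or m.group(2), a.group(2), line))
    return findings
```

A hit is a prompt for manual review of who controls the spender address, not proof of malice, since routers and vaults sometimes grant maximum allowances legitimately.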