CertiK blames zkSync’s MerlinDEX hack on private key management issue 

CertiK has attributed the over $1.82 million loss suffered by zkSync-based decentralized exchange, MerlinDEX, to a private key management issue rather than an exploit by bad actors. CertiK conducted an audit on MerlinDEX’s smart contracts before the incident.

MerlinDEX, a zkSync-based platform is the latest decentralized finance protocol to lose the funds in its liquidity pool. The decentralized exchange (DEX) lost over $1.82 million during the early hours of April 26.

So far, there have been conflicting reports concerning the exact cause of the asset loss, with the blockchain security firm, CertiK, which recently audited the project’s code, claiming that its initial investigations have revealed that the attack was due to a private key management issue rather than an exploit.

However, eZKalibur, another zkSync-based decentralized exchange project, claims to have researched the MerlinDEX smart contracts and identified the loophole that enabled the heist.

While the DeFi ecosystem saw an increased TVL (total value locked) during the first quarter of the year, hacks and rug pulls continue to plague the industry with no permanent solution. 

According to CertiK, bad actors drained more than $320 million from the crypto space during the first quarter of this year alone. With the current situation, that amount could surpass the over $3 billion stolen last year by the end of 2023.