Merlin, a decentralized exchange on zkSync, the reliable Layer 2 blockchain scaling solution built on Ethereum, was hacked, with 1.82 million dollars stolen. It was claimed that the breach occurred immediately after the platform underwent a comprehensive code audit conducted by the well-known smart contract auditor Certik.
Certik tweeted that it is investigating the incident and that its initial findings suggest a potential issue with private key management:
“While audits cannot prevent private key issues, we always highlight best practices to projects. Should any foul play be discovered, we will work with the appropriate authorities and share relevant info. Stay tuned for updates.”
Certik continued: “Our response teams have been working diligently to understand the circumstances and assess the extent of the impact on our community.”
Meanwhile, eZKalibur, the zkSync launchpad project, claims to have uncovered the malicious code behind the 1.82 million dollar attack.
This is not just a hack, but also a major security issue. Exchange hacks have become a common occurrence lately, and it has emerged that, before the collapse of the FTX exchange, almost none of the exchange's protections had been audited. Exchanges urgently need to identify and address their security vulnerabilities.