Merlin, a decentralized exchange (DEX) built on zkSync, a blockchain scaling solution for Ethereum, was compromised after undergoing a smart contract code audit by the security company CertiK. The incident caused more than $1.82 million in damage.
What Is Known About the Attack
The event happened shortly after the platform’s primary income-generating farming pools went live. The Merlin codebase underwent a security re-audit, which CertiK finished on April 24.
The exchange’s creators said they were looking into a potential attack and advised customers to revoke their authorization for all smart contracts. They said they would give further details soon.
According to CertiK, an audit cannot prevent issues with private keys, although professionals are always aware of projects' best practices. CertiK said it will alert the appropriate authorities if fraud is discovered.
Operators of another zkSync-based DEX, eZKalibur, said at the same time that they had discovered malicious code that was to blame for the loss of funds. They pointed out that two lines in the code permit a particular address to send an infinite quantity of tokens from the contract address.
The developers of eZKalibur questioned the quality of the audit performed by CertiK, since specialists contend that such a flaw in the code should have been flagged as serious or even critical.
How to Apply Cybersecurity Measures
Cybersecurity experts advise regular internet users not to visit suspicious websites and, especially, not to download anything from unknown sources. Corporations, however, must look into cybersecurity solutions for their companies. It is important to remember that hackers develop new strategies as fast as cybersecurity methods advance.