CertiK has revealed plans to reimburse the victims of the roughly $2 million MerlinDEX rug pull. The blockchain security firm has also proposed a 20% white hat bounty for the rogue hackers to return the stolen funds.
There seems to be a glimmer of hope for users of the MerlinDEX decentralized finance (DeFi) protocol who lost their hard-earned money in the roughly $2 million rug pull recently orchestrated by the protocol developers.
ICertiK, a security-focused ranking platform for blockchain and DeFi protocols, initially blamed the MerlingDEX asset loss on a private key management issue rather than an exploit by hackers or a rug pull attack.
However, eZKalibur, a zkSync-based decentralized exchange platform, revealed that it had discovered a loophole in the MerlinDEX smart contract. The hackers exploited this vulnerability to drain the funds on the protocol.
CertiK, which reportedly audited the MerlinDEX code before the rug pull, says it’s now looking to formulate a community compensation plan to make investors whole again.
20% whitehat bounty
CertiK claims it has discovered that the bad actors are based in Europe and is now collaborating with law enforcement agents to fish them out.
The company has also offered the rogue developers responsible for the rug pull a 20% white hat bounty to return the stolen funds.
There have been several hacks this year alone where the bad actors accepted a bounty offer in exchange for the stolen money. Earlier this month, the perpetrators of the SafeMoon heist of $8.9 million agreed to return 80% of their loot following successful negotiation with the project creators.
Whether the MerlinDEX attackers will accept CertiK’s bounty offer remains to be seen.