VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Bobie, the founder of 0xScope, the Web3 knowledge graph protocol, tweeted that the liquidity of the zkSync ecological DEX Merlin was exhausted, and hackers stole $1.82 million in funds and bridged to Ethereum. According to analysis, this is an internal Rug Pull, and Merlin internal members maliciously used the privileges of the owner's wallet. Attack method (per SlowMist): Rug Pull. Reported loss: $ 1,820,000.
Primary source
https://twitter.com/0xBobie/status/1651051380155744256 ↗Sourced from
slowmist
Technical record
- chain
- ethereum
- protocol
- Merlin
- bug_class
- rug
- date_occurred
- 2023-04-26
- loss_usd
- $1,820,000
- source_id
- sm:merlin::2023-04-26
Related — same bug class· rug