Smart contract auditor CertiK has offered Merlin DEX rogue developers a white hat bounty of 20%.

According to an April 26 statement, the blockchain security firm was exploring a community compensation plan to cover the roughly $2 million stolen.

CertiK said its initial investigations showed that the project’s developers were based in Europe. It added that it was working with law enforcement agencies to track them down.

CertiK wrote:

“Although we raised the private key privilege issues in the audit report, we want to assist impacted users. We are determined to track down those behind this rug pull.”

The blockchain firm added that it would release more information about the compensation soon.

Earlier today, CryptoSlate reported that the zkSync-based decentralized exchange confirmed that it was exploited. According to the report, the exploiters were already sending some of the stolen funds to crypto exchanges like Binance and MEXC Global.

Merlin DEX releases post-mortem

In an April 26 Twitter thread, Merlin said several members of the Back-End Team drained all of its Contracts.

According to the thread, the developers who rugged the project had made over 1,000 contributions in the last year to Github repositories. These developers are based in Serbia, and their previous projects included Discoverilla and InterFi Network.

Merlin said:

“They chose to carry out several on-chain transactions to drain all of Merlin’s pools, public sale and manipulate our front-end contracts. This was done by implementing a function that allows a Call action to all Merlin Pairs alongside hidden Front-End Contracts.”

Merlin said it was working to reimburse all affected users, adding that it had notified the relevant authorities in Serbia about the incident.

Meanwhile, the stolen funds have been traced to a wallet that currently holds 402 ETH — worth $783,195.

The post CertiK offers Merlin DEX rogue developers 20% white hat bounty appeared first on CryptoSlate.