CertiK, a well-known cryptocurrency security firm, has announced plans to compensate victims of the Merlin DEX scam. This comes after the Merlin team ran off with almost $2 million in funds just days after CertiK completed a code audit. It was later discovered that the incident was a rug pull rather than a hack.
The developers of Merlin, a decentralised exchange that operated on the zkSync Layer 2 blockchain, had contacted CertiK for an audit of their smart contract. CertiK's audit of Merlin did warn of risks, including the developers' privileged access to funds deposited in the smart contract. CertiK is now exploring a community compensation plan and is committed to protecting the community while maintaining the highest level of security standards in the blockchain ecosystem.
The firm has also acknowledged the difficulty of detecting malicious developer intentions and stated that audits can only identify potential risks and vulnerabilities; they cannot prevent malicious activities on the part of rogue developers, such as rug pulls. This is the first time that CertiK has decided to pay compensation after one of its clients cheated its own investors.