Blockchain security firm CertiK is introducing a compensation plan to cover the $2 million lost in the public sale of Merlin decentralized exchange’s MAGE token. CertiK is urging the rogue developer responsible for the loss to return 80% of the stolen funds, while offering 20% as a white hat bounty. The remaining Merlin team has also been enlisted to initiate the compensation plan while CertiK investigates the exit scam. Although private key privileges were not within the scope of the smart contract audit, CertiK has committed to aiding affected users.
Following its audit of Merlin’s code, CertiK identified a possible issue with private key management. However, the audit did not prevent the scam, and CertiK recommends that users look for projects with a “KYC Badge” as an added layer of security to reduce the risk of rug pulls and insider threats.