The Merlin Dex liquidity pool was attacked on zksync chain: A Summary

According to reports, the Merlin Dex liquidity pool (0x82cf66e9a45Df1CD3837cF623F7E73C1Ae6DFf1e) on the zksync chain was attacked on April 26, 2023, according to the Beosin EagleEye security risk monitoring, warning, and blocking platform monitoring under the blockchain security audit company Beosin. The attacker’s address one (0x2744d62a1e9ab975f4d77fe52e16206464ea79b7) directly calls the transferFrom function to transfer the 811K USDC from the pool, and then uses Anyswap to cross chain to its Ethereum main network address. The attacker’s address two (0xcE4ee0E01bb729C1c5d6D2327BB0F036fA2cE7E2) extracts the ETH of 435.2 from the token 1 contract (WETH) and then uses Anyswap to cross chain to the Ethereum main network address (0x0b8a3 ef6307049aa0ff215720ab1fc885007393d), A total profit of approximately $1.8 million was made, and the Beosin KYT anti money laundering analysis platform found that the stolen funds were still stored on the two main Ethereum addresses of the attackers mentioned above. Beosin will continue to monitor the stolen funds.

ZkSync ecological DEX Merlin encounters an attack and funds are still stored on the attacker’s Ethereum main network address

The Beosin EagleEye security risk monitoring, warning, and blocking platform monitoring under the blockchain security audit company Beosin has reported that the Merlin Dex liquidity pool (0x82cf66e9a45Df1CD3837cF623F7E73C1Ae6DFf) on the zksync chain was attacked on April 26, 2023. The attacker’s address one (0x2744d62a1e9ab975f4d77fe52e16206464ea79b7) directly called the transferFrom function to transfer the 811K USDC from the pool. Then, they used Anyswap to cross-chain to its Ethereum main network address. The attacker’s address two (0xcE4ee0E01bb729C1c5d6D2327BB0F036fA2cE7E2) extracted 435.2 ETH from the token 1 contract (WETH) and then used Anyswap to cross-chain to the Ethereum main network address (0x0b8a3 ef6307049aa0ff215720ab1fc885007393d). A total profit of approximately 1.8 million dollars was made. The Beosin KYT anti money laundering analysis platform found that the stolen funds were still stored on the two main Ethereum addresses of the attackers mentioned above. Beosin will continue to monitor the stolen funds.

Introduction

In the world of the blockchain, liquidity pools play a crucial role in enabling users to trade. On April 26, 2023, there was a surprise attack on Merlin Dex liquidity pool, highlighting the vulnerabilities of these systems. This article will provide a summary of the attack on Merlin Dex liquidity pool, and what it means for the blockchain community.

What is Merlin Dex Liquidity Pool?

Before we dive into the details of the attack, let’s understand what Merlin Dex liquidity pool is. It is a decentralized exchange (DEX) running on the zksync chain. It offers a liquidity pool where users can trade without intermediaries.

Attack on Merlin Dex Liquidity Pool

According to Beosin EagleEye security risk monitoring, warning, and blocking platform, the Merlin Dex liquidity pool on the zksync chain was attacked on April 26, 2023. The attacker’s address one (0x2744d62a1e9ab975f4d77fe52e16206464ea79b7) directly called the transferFrom function to transfer the 811K USDC from the pool. Then, they used Anyswap to cross-chain to its Ethereum main network address. The attacker’s address two (0xcE4ee0E01bb729C1c5d6D2327BB0F036fA2cE7E2) extracted 435.2 ETH from the token 1 contract (WETH) and then used Anyswap to cross-chain to the Ethereum main network address (0x0b8a3 ef6307049aa0ff215720ab1fc885007393d). A total profit of approximately 1.8 million dollars was made.

The Aftermath of the Attack

The Beosin KYT anti-money laundering analysis platform found that the stolen funds were still stored on the two main Ethereum addresses of the attackers mentioned above. Beosin will continue to monitor the stolen funds.

The Implications of the Attack

This attack highlights the vulnerabilities of liquidity pools. As the popularity of decentralized finance grows, more liquidity pools will be exploited if the security measures are not strengthened. Therefore, it is essential to implement additional security measures to prevent these attacks.

Conclusion

In conclusion, the attack on Merlin Dex liquidity pool shows the importance of blockchain security in the world of decentralized finance. It is essential to strengthen the security measures of liquidity pools to avoid similar attacks in the future.

FAQs

1. What is Merlin Dex liquidity pool?
Merlin Dex liquidity pool is a decentralized exchange (DEX) running on the zksync chain. It offers a liquidity pool where users can trade without intermediaries.
2. How much was the loss in the Merlin Dex liquidity pool attack on April 26, 2023?
The total profit of approximately 1.8 million dollars was made in the attack.
3. What measures are required to avoid attacks on liquidity pools?
Additional security measures are required to prevent attacks on liquidity pools. This can include early detection of vulnerabilities, security audits, and regular software updates.