Examining the April 26th Attack on Merlin, a zkSync Ecosystem DEX

On April 26th, according to PeckShield monitoring, the attackers of Merlin, a DEX in the zkSync ecosystem, transferred approximately 165,000 USDC to centralized exchanges (CEXs), with Binance receiving 31,000 and MEXC receiving 133,800.

In the early hours of April 26th, PeckShield monitoring detected a significant transfer of nearly 165,000 USDC from Merlin, a DEX in the zkSync ecosystem, to centralized exchanges, including Binance and MEXC. This article examines the attack and its implications for the broader decentralized finance (DeFi) ecosystem.

Background

Before delving into the specifics of the April 26th attack, it is essential to understand what zkSync is and how it operates. zkSync is a layer-2 scaling solution for Ethereum that offers fast and cheap transactions without sacrificing decentralization. It uses zero-knowledge proofs to verify transactions, allowing users to conduct transactions off-chain and then settle them on-chain.
DEXs (decentralized exchanges) like Merlin leverage zkSync technology to enable fast and cheap trading on the Ethereum blockchain. In doing so, they help reduce congestion on the Ethereum network and lower gas fees. However, as with any new technology, there are vulnerabilities that hackers can exploit, as we saw on April 26th.

The Attack

On that day, the attackers took advantage of a vulnerability in Merlin’s smart contract that allowed them to mint unlimited amounts of USDC. They created a large number of fake liquidity pools and used them to inflate the volume of USDC in Merlin’s pools.
This gave them the ability to transfer large amounts of USDC to centralized exchanges like Binance and MEXC. The transfers were made in smaller amounts to avoid detection and to circumvent exchange transaction limits.
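
From the monitoring side, transfers split into smaller amounts can still be caught by summing a sender's exchange-bound outflows over a sliding time window instead of alerting on single transfers only. The sketch below is an added example, not code from the article or from PeckShield; the addresses, timestamps, thresholds and the split into individual transfers are assumptions, and only the per-exchange totals come from the article.

```python
from collections import defaultdict, deque

# Constructed sample data: addresses are placeholders and the split into
# individual transfers is invented; only the per-exchange totals
# (31000 and 133800 USDC) come from the article.
CEX_LABELS = {"0xCEX_A_DEPOSIT": "Binance", "0xCEX_B_DEPOSIT": "MEXC"}
TRANSFERS = [  # (unix_time, sender, recipient, amount_usdc)
    (1000, "0xFLAGGED", "0xCEX_A_DEPOSIT", 10000),
    (1300, "0xFLAGGED", "0xCEX_B_DEPOSIT", 25000),
    (1600, "0xFLAGGED", "0xCEX_B_DEPOSIT", 25000),
    (1900, "0xFLAGGED", "0xCEX_A_DEPOSIT", 10000),
    (2200, "0xFLAGGED", "0xCEX_B_DEPOSIT", 25000),
    (2500, "0xFLAGGED", "0xCEX_B_DEPOSIT", 25000),
    (2800, "0xFLAGGED", "0xCEX_A_DEPOSIT", 11000),
    (3100, "0xFLAGGED", "0xCEX_B_DEPOSIT", 20000),
    (3400, "0xFLAGGED", "0xCEX_B_DEPOSIT", 13800),
    (1500, "0xUSER", "0xCEX_A_DEPOSIT", 500),        # ordinary deposit
    (2000, "0xFLAGGED", "0xOTHER_WALLET", 40000),    # not exchange-bound
]


def find_split_outflows(transfers, cex_labels, window_s=3600,
                        single_limit=50000, total_limit=100000):
    """Flag senders whose exchange-bound transfers each stay under
    single_limit but sum above total_limit inside a sliding window of
    window_s seconds. by_exchange is the sender's cumulative total per
    exchange over the whole input (small transfers only)."""
    window = defaultdict(deque)   # sender -> (time, amount) inside window
    running = defaultdict(int)    # sender -> sum of the current window
    peak = defaultdict(int)       # sender -> largest window sum seen
    by_exchange = defaultdict(lambda: defaultdict(int))
    for ts, sender, recipient, amount in sorted(transfers):
        exchange = cex_labels.get(recipient)
        if exchange is None or amount >= single_limit:
            continue  # large single transfers belong to the per-transfer rule
        q = window[sender]
        q.append((ts, amount))
        running[sender] += amount
        while q[0][0] <= ts - window_s:      # evict entries older than window
            running[sender] -= q.popleft()[1]
        by_exchange[sender][exchange] += amount
        peak[sender] = max(peak[sender], running[sender])
    return {s: {"peak_window_total": peak[s],
                "by_exchange": dict(by_exchange[s])}
            for s in peak if peak[s] > total_limit}
```

With a window shorter than the gap between transfers the sender is no longer flagged, so the window length has to be tuned against how slowly funds are expected to be moved.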

Implications

The April 26th attack on Merlin highlights a significant issue that many DEXs face – smart contract vulnerabilities. Although zkSync technology offers improved security and scalability, it is not immune to attacks. It is vital that DEX developers conduct thorough security audits of their smart contracts to prevent such attacks from happening.
Furthermore, this attack may prompt regulators to scrutinize DEXs more closely. DEXs have been in a regulatory grey area, and governments worldwide may view these attacks as evidence that DEXs should be more closely regulated. This could lead to stricter regulations and requirements for DEXs, which may limit their growth and innovation.

Conclusion

The April 26th attack on Merlin, a DEX in the zkSync ecosystem, was a significant wake-up call to the entire DeFi community. While the zkSync technology has the potential to revolutionize the DeFi space, it is essential to address the security vulnerabilities inherent in any new technology. Reducing these vulnerabilities will help ensure that investors trust and continue to use DeFi platforms.

FAQs

1. What is zkSync?
zkSync is a layer-2 scaling solution for Ethereum that offers fast and cheap transactions without sacrificing decentralization.
2. How did the attackers exploit Merlin’s smart contract?
The attackers took advantage of a vulnerability in Merlin’s smart contract, which allowed them to mint unlimited amounts of USDC. They created fake liquidity pools to inflate the volume of USDC in Merlin’s pools, which they used to transfer large amounts of USDC to centralized exchanges.
3. Will the April 26th attack lead to stricter regulations for DEXs?
It is possible that the April 26th attack may prompt regulators to scrutinize DEXs more closely, leading to stricter regulations and requirements for DEXs in the future.
