ZkSync ecological DEX Merlin encounters an attack and funds are still stored on the attacker’s Ethereum main network address

According to reports, the Merlin Dex liquidity pool (0x82cf66e9a45Df1CD3837cF623F7E73C1Ae6DFf1e) on the zksync chain was attacked on April 26, 2023, according to the Beosin EagleEy

ZkSync ecological DEX Merlin encounters an attack and funds are still stored on the attackers Ethereum main network address

According to reports, the Merlin Dex liquidity pool (0x82cf66e9a45Df1CD3837cF623F7E73C1Ae6DFf1e) on the zksync chain was attacked on April 26, 2023, according to the Beosin EagleEye security risk monitoring, warning, and blocking platform monitoring under the blockchain security audit company Beosin. The attacker’s address one (0x2744d62a1e9ab975f4d77fe52e16206464ea79b7) directly calls the transferFrom function to transfer the 811K USDC from the pool, and then uses Anyswap to cross chain to its Ethereum main network address. The attacker’s address two (0xcE4ee0E01bb729C1c5d6D2327BB0F036fA2cE7E2) extracts the ETH of 435.2 from the token 1 contract (WETH) and then uses Anyswap to cross chain to the Ethereum main network address (0x0b8a3 ef6307049aa0ff215720ab1fc885007393d), A total profit of approximately $1.8 million was made, and the Beosin KYT anti money laundering analysis platform found that the stolen funds were still stored on the two main Ethereum addresses of the attackers mentioned above. Beosin will continue to monitor the stolen funds.

ZkSync ecological DEX Merlin encounters an attack and funds are still stored on the attacker’s Ethereum main network address

I. Introduction
– Brief overview of the reported attack on the Merlin Dex liquidity pool
– Introduction to the Beosin EagleEye security risk monitoring, warning, and blocking platform monitoring
II. Description of the Attack
– Explanation of the attacker’s address one and direct call to the transferFrom function
– Use of Anyswap to cross-chain to the attacker’s Ethereum main network address
– Description of attacker’s address two and extraction of ETH from the WETH token contract
– Use of Anyswap to cross-chain to another Ethereum main network address
– Total profit made by the attackers
III. Stolen Funds Analysis
– Mention of the Beosin KYT anti-money laundering analysis platform
– Stolen funds still being stored on the two Ethereum addresses of the attackers
IV. Conclusion
– Recap of the reported attack and stolen funds analysis
– Assurance of continued monitoring by Beosin
V. FAQs
– What is a liquidity pool?
– How does Anyswap work?
– How can I protect my funds on decentralized exchanges?

According to Reports, Merlin Dex Liquidity Pool on Zksync Chain Was Attacked

Reports indicate that the Merlin Dex liquidity pool on the zksync chain was attacked on April 26th, 2023. The news emerged through the Beosin EagleEye security risk monitoring, warning, and blocking platform. Beosin is a blockchain security audit company that provides a suite of security solutions for the blockchain industry.
According to the Beosin report, the attacker’s address one made a direct call to the “transferFrom” function to transfer 811K USDC from the pool. The attacker then used Anyswap to cross-chain the stolen funds to their Ethereum main network address. Subsequently, the attacker’s second address extracted 435.2 ETH from the token 1 contract (WETH) and also cross-chained it to another Ethereum main network address. The total net profit made by the attackers was approximately $1.8 million.
Beosin’s KYT anti-money laundering analysis platform discovered that the stolen funds were still stored on the two Ethereum addresses of the attackers. The Beosin team has said that they will continue to monitor the stolen funds.
Decentralized finance (DeFi) has increasingly become popular. Most often, DeFi platforms use liquidity pools as a way to boost liquidity, which makes trading faster and efficient. Liquidity pools have become a valuable product on the DeFi market with billions of dollars of value locked in on them.
In conclusion, the Merlin Dex attack is a wake-up call that DeFi and cryptocurrency platforms still need to work harder to improve their cybersecurity. As more investors join the decentralized financial ecosystem, the number of cyber-attacks is expected to increase. It is, therefore, important to remain vigilant when using DeFi platforms and be aware of the security risks associated with decentralized exchanges.

FAQs

Q: What is a liquidity pool?
A: Liquidity pool refers to funds that are pooled together in a smart contract. These are then used to enable seamless transactions on a DeFi platform.
Q: How does Anyswap work?
A: Anyswap is a cross-chain decentralized exchange that allows users to exchange cryptocurrencies on different networks.
Q: How can I protect my funds on decentralized exchanges?
A: The most important online security tips apply equally to DeFi platforms as they do to traditional financial networks. You should always use 2-factor authentication, create strong passwords, ensure that the website you visit is the real website, keep software up to date, among others.

This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/18880/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.