Merlin, a decentralized exchange based on zkSync Era, lost approximately $1.82 million in assets in an alleged exploit immediately after a CertiK audit.
CertiK completed on April 24 a security re-audit of the Merlin codebase, after which the developers of the decentralized exchange announced an investigation into a possible hack.
They recommended that users withdraw approvals for all smart contracts and promised to provide additional information later.
The preliminary investigation suggested that the unauthorized withdrawal of funds may have been caused by an issue with private key management rather than an exploit.
CertiK added that if any dishonest activity is discovered, they would work with the relevant authorities and share information.