
CertiK Audit Firm Called Scam Contract 'Safe,' Users' Funds Are Gone

Wed, 04/26/2023 - 10:47
Arman Shirinyan
Despite being audited, this decentralized exchange used malicious practices that led to the loss of users' funds



CertiK, a prominent blockchain security firm that conducts audits of smart contracts, has recently come under fire after a project it audited turned out to be flawed and users' funds were drained. The project in question, MerlinDEX, had a contract that allowed the deployer address to withdraw unlimited funds, leading to the loss of users' assets. This incident raises questions about the effectiveness of smart contract audits and the need for heightened vigilance over DeFi.

In the case of MerlinDEX, the smart contract contained a function that approved the maximum uint256 value for the deployer address, allowing the funds to be drained. Users could still withdraw their liquidity provider (LP) tokens, but they could not remove liquidity from the pool because no funds were left. One user commented, "Certik legit saw the contract allow infinite to some random address and gave it a pass."
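As an added monitoring example (not code from MerlinDEX, CertiK or the article), the sketch below scans ERC-20 `Approval` event logs for the pattern described above: a pool contract granting a max-uint256 allowance to a spender that is not on an allowlist. It assumes the pool is the approving account and the tokens emit standard `Approval` events; all addresses, the allowlist and the sample logs are constructed.

```python
# Added example: flag unlimited ERC-20 approvals granted by a pool contract.
# keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def find_unlimited_approvals(logs, pool_addresses, allowed_spenders=()):
    """Return Approval logs where a pool grants MAX_UINT256 to an unlisted spender."""
    pools = {a.lower() for a in pool_addresses}
    allowed = {a.lower() for a in allowed_spenders}
    findings = []
    for log in logs:
        topics = log.get("topics", [])
        # ERC-20 Approval carries 3 topics; ERC-721 Approval carries 4, skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        data = log.get("data", "0x")
        amount = int(data, 16) if len(data) > 2 else 0
        if owner in pools and amount == MAX_UINT256 and spender not in allowed:
            findings.append({"token": log["address"].lower(), "pool": owner,
                             "spender": spender, "tx": log.get("transactionHash")})
    return findings

# --- Constructed sample data (placeholder addresses, not real on-chain values) ---
POOL, DEPLOYER = "0x" + "aa" * 20, "0x" + "bb" * 20
ROUTER, TOKEN, USER = "0x" + "cc" * 20, "0x" + "dd" * 20, "0x" + "ee" * 20

def _pad(addr):
    return "0x" + "0" * 24 + addr[2:]

def _log(owner, spender, amount, tx, extra_topics=()):
    topics = [APPROVAL_TOPIC, _pad(owner), _pad(spender), *extra_topics]
    return {"address": TOKEN, "topics": topics,
            "data": "0x" + format(amount, "064x"), "transactionHash": tx}

SAMPLE_LOGS = [
    _log(POOL, DEPLOYER, MAX_UINT256, "0x01"),   # pool -> deployer, unlimited: flag
    _log(POOL, ROUTER, MAX_UINT256, "0x02"),     # pool -> allowlisted router: ignore
    _log(POOL, DEPLOYER, 1000, "0x03"),          # bounded allowance: ignore
    _log(USER, ROUTER, MAX_UINT256, "0x04"),     # ordinary user approval: ignore
    _log(POOL, DEPLOYER, 0, "0x05", extra_topics=(_pad(USER),)),  # 4 topics: ignore
]

if __name__ == "__main__":
    for f in find_unlimited_approvals(SAMPLE_LOGS, [POOL], [ROUTER]):
        print("unlimited approval:", f)
```
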


Responding to the backlash, CertiK stated that it was actively investigating the MerlinDEX incident. It pointed to a potential private key management issue as the root cause, rather than an exploit. While audits cannot prevent private key issues, CertiK highlighted its commitment to promoting best practices in projects.

Nonetheless, it is essential to understand that smart contract audits are not a guarantee of security. While they can catch many potential vulnerabilities, they cannot guarantee that a project is entirely safe. Investors should always do their research and assess the risks associated with any DeFi project, even if it has undergone an audit.

The MerlinDEX incident is not the first time an audited project has faced issues. There have been previous cases where audited projects either rugpulled their users, or users became victims of exploits that should have been caught during the audit process.

About the author

Arman Shirinyan is a trader, crypto enthusiast and SMM expert with more than four years of experience.

Arman strongly believes that cryptocurrencies and the blockchain will be of constant use in the future. Currently, he focuses on news, articles with deep analysis of crypto projects and technical analysis of cryptocurrency trading pairs.