Merlin Exploited after CertiK Audit, Raising Questions about Audit Firm's Validity

Merlin, a decentralized exchange (DEX) on Ethereum (ETH) layer-2 protocol zkSync, confirmed it was exploited despite being audited by smart-contract auditor CertiK.

CertiK said its initial investigations into the hack showed that it was a potential private key management issue rather than an exploit as the root cause. The blockchain security firm noted that it highlighted the “centralization risk” under “Decentralization Efforts” in its audit of the firm. CertiK added that “audits cannot prevent private key issues.”

Despite CertiK’s explanations, some crypto community members have questioned the validity of the audits performed by the firm. CertiK is one of the biggest names in the blockchain security business.

Some KOK claims the percentage of projects audited by CertiK but later exploited is much higher than other audit firms. However, there are no statistics on the number of exploits on projects audited by different firms up to now.