zkSync-based decentralized exchange (DEX) Merlin has announced plans to compensate users impacted in a nearly $2 million rugpull with blockchain audit firm CertiK.

In a statement, CertiK said that it is actively investigating the recent Merlin DEX exit scam, where rogue developers are suspected of causing the loss of around $2 million in user funds.

The compensation plan is intended to cover the lost funds for affected users. CertiK emphasized that although private key privileges are outside the scope of a smart contract audit, they are committed to assisting impacted users in this case.

The rogue developer is urged to return 80% of the stolen funds and accept a 20% white hat bounty, CertiK said. On its part, it will collaborate with law enforcement authorities to track down the rogue developers if direct negotiation is unsuccessful.

Merlin was seemingly exploited for over $1.8 million on Wednesday morning during a public sale of its mage (MAGE) tokens, despite touting an audit conducted by blockchain security firm CertiK.