Merlin Labs Repeated Strategy Exploits
Multiple 2021 exploits (~$680K+) of Merlin Labs on BNB Chain, a yield optimizer whose strategy and reward pricing were repeatedly manipulated via flash loans.
- Date
- Victim
- Merlin Labs
- Chain(s)
- Status
- Funds Stolen
In 2021, the BNB Chain yield optimizer Merlin Labs suffered multiple exploits (an initial ~$680K, with further losses across additional incidents). Each involved flash-loan manipulation of the strategy/reward pricing Merlin used.
What happened
Merlin's strategies priced from manipulable pools; repeated flash-loan manipulations across several 2021 incidents drained reserves each time.
Why it matters
Merlin Labs is both a BSC-2021 flash-loan pricing entry and a multi-incident entry — exploited, "fixed," exploited again, multiple times in one year. It compresses two of the catalogue's central findings into one small protocol: the BSC-2021 cluster's relentless repetition of one avoidable bug class, and the repeat-incident verdict that inadequate systemic remediation guarantees recurrence. Merlin learned neither lesson in real time; the catalogue records it so the pattern is unmistakable in aggregate.
Sources & on-chain evidence
- [01]rekt.newshttps://rekt.news/merlin-labs-rekt
- [02]halborn.comhttps://www.halborn.com/blog/post/explained-the-merlin-labs-hacks-2021