Fool me once, shame on you. Fool me twice, shame on me. Fool me three times, shame on both of us. — Disclosures: Merlin Lab has engaged WatchPug to perform the 4th audit on their updated security code. The Exploit On May 26, 2021, 03:59:05 AM +UTC, less than 48 hrs after the Autoshark hack. Merlin Lab, well, another Bunny fork, been attacked in a similar fashion to the Bunny and the Autoshark hack.