Merlin DEX has been exploited for over $1.82 million, with auditor CertiK blaming 'rogue developers' who abused private key privileges.