Crypto Influencer Claims Chainlink’s Multisig May Destroy DeFi
Chris Blec, a popular crypto influencer who describes himself as a fierce advocate for immutable decentralized technology, has alleged that the decentralized finance (DeFi) industry is colluding to hide a key vulnerability associated with Chainlink.
The entire DeFi industry – VCs, DAOs, devs, everyone – is colluding to hide the fact that if 5 people, chosen by @chainlink, ever decide (or are forced) to go rogue, the entire DeFi ecosystem can be intentionally destroyed in the blink of an eye.
— Chris Blec (@ChrisBlec) February 7, 2023
According to Blec, the developers, decentralized autonomous organizations (DAO) and venture capitalists, and others in the DeFi space are colluding, to hide the fact that if 5 people, chosen by Chainlink, ever decide (or are forced) to go rogue, the entire DeFi ecosystem can be intentionally destroyed in the blink of an eye.
The vulnerability that Blec is referring to is the 4-of-9 multisig contract that controls Chainlink. He believes that the contract, which was formerly a 3-of-20 multisig, is poorly secured. The 4-of-9 multisig is a security measure that requires four out of nine signatures to authorize a transaction.
A multisig contract is usually attacked from within, which in this case would be the keyholders assigned by Chainlink. Chris Blec believes that if compromised, this feature could trigger a domino effect that will lead to severe consequences for the projects that rely on Chainlink oracles since the Chainlink multisig can add or remove any source from any price feed.
According to the crypto influencer, this risk extends to popular DeFi projects like Aave and MakerDAO, which use Chainlink’s oracles for price data. Aave’s reliance on these price oracles is of particular concern to Blec, given that they helped enable over $2 trillion in transaction flows on Aave in 2022. The list of projects which rely on Chainlink has been growing ever since it rolled out the proof of reserve service following FTX’s collapse.