BREAKING: Critical Chainlink Centralization Flaw Exposed

Crypto podcaster Chris Blec has commented on a centralization issue that could jeopardize the whole DeFi economy.

“3 signers could bring down DeFi”, says Blec

According to a Twitter thread published by Chris Blec, host of the Proof of Decentralization Podcast, most Chainlink oracles are only secured by a 3-of-20 multisig wallet provided by Gnosis Safe. This means that only three signatures would be needed to potentially point the oracles in question to a compromised aggregator, leading to faulty price feeds. 

Furthermore, he points out that we cannot be sure that the multisig stewards are actually 20 unique individuals. He also notes that Chainlink co-founder Sergey Nazarov, who is likely one of the multisig stewards, has significant ties to the World Economic Forum. Blec concluded:

It appears that you CANNOT use DeFi without putting inherent trust in 1-3 unknown signers with WEF/globalist connections on an undocumented Chainlink multisig which has the ability to manipulate any Chainlink price feed and cause an unprecedented DeFi black swan.

Is DeFi decentralized in name only?

The blockchain oracle problem states that any smart contract can only be as decentralized as the oracles it relies upon. What makes the issue at hand so problematic is that Chainlink is the most widely used oracle solution by DeFi protocols on multiple blockchains. This means that a price feed that is just slightly off could potentially trigger mass liquidations across many DeFi platforms. Blec adds:

Hundreds of DeFi apps are using Chainlink oracles, and *all* DeFi protocols are interlinked regardless. If 3 of these 20 keys are compromised in any way (hack, regulatory attack, etc), DeFi could experience an unprecedented black swan and suffer irreversible destruction.

Roughly three hours before publishing his thread, Blec asked for comments from Chainlink developers. At the time of writing, there has been no official statement, but Community Ambassador ChainLinkGod played down the issue without denying Blec’s claims.

This year’s record-breaking consensus attack on the Ronin Network exemplifies the dangers of heavy centralization in blockchain networks. Ronin’s L2 network was secured by only nine validators, of which five were controlled by a single company. The US government later attributed the theft of 624 million USD in crypto assets to the North Korean hacker collective Lazarus Group.

As Twitter user @CryptoBullrog noted, not all DeFi protocols rely strictly on Chainlink oracles. However, because of yield farming platforms, other interdependencies between DeFi projects, and the multiple billions of USD locked across DeFi platforms, any tampering with the Chainlink oracles might cause ripple effects that far exceed the damage caused by the Ronin hack.