Breaking: Blast Addresses $350M Lock-up Concerns with Multisig Emphasis

Blast, an Ethereum-based DeFi protocol, recently responded to growing security concerns after locking up nearly $350 million in assets like ETH, USDT, and DAI. The platform, known for staking user assets in Lido to generate yield, has experienced a significant fund surge. However, this growth has been overshadowed by pressing security issues due to the need for essential features like a testnet, transactions, bridge, rollup, or direct transaction data transfer to Ethereum.

The Risk of No-Limit Withdrawals

Critics, including Polygon Developer Relations’ Jarod Watts, have pointed out vulnerabilities in Blast’s code. Notably, the protocol permits no-limit withdrawals of total funds staked, raising the alarm about the potential mismanagement or misuse of the locked assets. Watts emphasized that without standard L2 features, investors rely on a small group’s integrity to secure their funds.

The situation highlights the broader transparency issues and regulatory necessity in the burgeoning DeFi sector. A function in Blast’s code, “enableTransaction,” allows the extraction of significant token amounts, potentially by any Externally Owned Account (EOA) wallet, without withdrawal limits. This capability jeopardizes user assets and draws regulatory scrutiny, underscoring the need for more apparent oversight in the crypto market.

Blasts Addressing the Security Model

In response to these concerns, Blast has taken social media to clarify its security model. The protocol advocates that security is multifaceted, involving smart contract, browser, and physical security dimensions. They argue that immutable smart contracts, often considered more secure, can pose more significant risks, especially in complex agreements. Blast emphasizes the importance of upgradeable contracts, which, despite potential vulnerabilities, offer adaptability in response to exploits.

Multisig Security and Independent Management

Furthermore, Blast underlines the effectiveness of multisig (multiple signatures) security, which other L2 solutions like Arbitrum, Optimism, and Polygon also use. The protocol asserts that each signing key in their multisig setup is independently secure, stored in cold storage, managed by independent parties, and geographically dispersed. This approach aims to bolster the protocol’s resilience against various security threats.

Blast plans to switch one of its multisig addresses to a different hardware wallet provider to enhance security within a week. This move is intended to prevent reliance on a single type of hardware wallet, reducing the risk of a compromise in case of a hardware-specific vulnerability.

While Blast’s responses provide some clarity, the crypto community remains skeptical. Critics question the reliance on multisig setups without timelocks or full transparency, comparing it unfavorably to traditional finance systems.

Read Also: ECB’s Christine Lagarde Says Son Lost All in Crypto