The automated software programs that power much of the DeFi, or decentralized finance, activity on the Ethereum blockchain appear to be less tamper-resistant than advertised. In recent years, most of these “smart contracts” have evolved to include a back door, or a way to change them, sometimes in drastic ways, according to a report from researcher Coin Metrics. Most have so-called admin keys, providing access that can allow someone to change crucial features, raising the risk of hacks and even machinations by insiders. “We call this the biggest risk in DeFi right now,” said Lucas Nuzzi, head of research and development at Coin Metrics.

When Coin Metrics examined all smart contracts on Ethereum between January 2020 and April 2022, it found 123 instances when admin keys were likely used for unsavory purposes. Admin keys helped hackers breach the Wormhole bridge earlier this year, stealing $320 million.

They were also used twice to prop up Basis Cash, an earlier stablecoin project run by Do Kwon, the co-creator of the Terra blockchain project that went bust in May. An admin of Basis Cash was changed and effectively destroyed a chunk of the coin’s supply without notifying users, according to Coin Metrics. The admin also minted tokens for the project’s treasury.
Full story: ‘Biggest Risk in DeFi’ Seen Coming From Backdoor Software Threat.