Sky Raises Security Concerns Over $756 Million in USDC Custody

Sky, previously known as MakerDAO, is facing scrutiny over the security of $756 million in USDC held in its "Lite PSM" (Peg Stability Module). Concerns were raised by X user Will Morris, who noted that the Lite PSM uses an externally owned account (EOA) to manage the USDC balance, potentially exposing the funds to risks such as a "rug pull." Whoever controls the EOA's private key has unrestricted ability to withdraw the funds, which poses a significant safety risk.

Security Flaw in Custody Design

Morris criticized the reliance on an EOA for custody, suggesting that smart contracts could provide better security. He indicated that previous designs allowed the PSM to manage its USDC without privileged accounts, advocating for a system where the PSM independently controls the assets.

Morris submitted a bug report to Immunefi, a platform focused on identifying vulnerabilities in smart contracts, but it was dismissed because the issue was deemed outside the platform's scope.

Coinbase’s Sid Ramesh Responds

Sid Ramesh, Coinbase’s Product & Consumer Onchain Lead, acknowledged Morris's concerns but stated he could not comment on Coinbase's involvement. He mentioned that Coinbase adheres to strict audits and processes for its multi-party computation (MPC) technology, hinting at potential future clarifications regarding Coinbase's role.

In addition, Rune Christensen, co-founder of Sky, informed Cointelegraph that the private keys necessary to reconstitute the MPC account were destroyed during the initial setup with Coinbase Custody.

Amid these security concerns, Sky is also planning significant changes to its economic structure. Christensen proposed transitioning to a deflationary model that would cease new token emissions, focusing instead on burning existing tokens to enhance the protocol's resilience and align with its original tokenomics design.