The WBTC contract is highly vulnerable to attack: Evidence
In order to prove that WBTC is exposed to a massive attack, I have deployed a copy of the contract to Rinkeby Testnet here:
There is human management and ownership of the private keys that manage WBTC. If those humans are phished, hacked, or get a virus on their computer, a hacker could get their Private Key. This happens weekly in the space. I will simulate that on Rinkeby and we will see what will happen.
First, I have put some Rinkeby ETH on the Uniswap Pair with WBTC on the Testnet.
Next, I will pretend that the owner of WBTC on Rinkeby (0x2a3A325317012Cf51A69630cc24988b1C7Afa1D8) was hacked. Here is the private key:
Anyone who has that private key can import it into their Ethereum wallet, steal ownership of the WBTC contract, and/or mint infinite WBTC rinkeby tokens to any address in a single transaction using the mint() method. This means they can steal all the ETH on the liquidity pools for WBTC. Let the games begin!