Well, the cryptoverse plays hard and gets straight to the point. This time, a so-called Hong Kong-based developer focused on the governance structure of the Libra coin project, confirmed yesterday by Facebook and another 27 organizations.

The recent update 83, “CRITICAL security vuln fixed”, published on GitHub, a web-based hosting service that is quite often used for code, asserts that Libra has “an alarming vulnerability.”

User ‘gazhayes’, who “discovered” the vulnerability, explained that “in the current implementation, trusted ‘validator nodes’ are core to the security model”, which essentially means that hard power is centralized around those few entities, and that these are also the entities the protocol itself depends on to validate the protocol.

Now comes the most interesting part: “This means the protocol is whatever they decide it is. These entities can change the rules whenever they want. This means they can freeze your coins, take your coins, issue new coins, or really whatever they want – the sky is the limit.”

As reported, Libra is governed by the Libra Association, which now has 28 founding members, such as Facebook, Visa, PayPal, Uber and others, who are required to pay at least USD 10 million to enroll in the Association and become a validator node.

“Validator nodes, symbolized in the (Libra Association Council), have the ultimate power. The council delegates many of its executive powers to the association’s management however retains the power to override delegated decisions and keep vital decisions to itself, with the most significant ones requiring a greater than two-thirds supermajority,” as stated on Libra’s website.

However, gazhayes has sent a pull request to address it, consisting of a patch to the current codebase that should resolve the issue. The solution is simple – “using a permissionless system where the hard power is decentralised across a very large number of participants in such a way that making changes to the protocol is impossible without near unanimous agreement by everyone involved.”

On the other hand, another GitHub user, pigd0g, added insult to injury, claiming that “Funds have been seized by a third party due to violation of terms of service. I just posted something the validators don’t agree with on social media.”

This is objectively funny and cheerful, and as we know, the crypto world will always find a way to laugh no matter what. But jokes aside, this is an important question for Libra and Facebook in general.

While a recent survey showed that 18% of 1,000 surveyed adult Americans would be interested in investing in a Facebook-created digital token, it doesn’t exactly take a survey to know that many people mistrust Facebook when it comes to security and privacy, particularly regarding the Cambridge Analytica event, when 87 million people’s personal details were taken and used for political ad targeting. Furthermore, a lot of criticism has been directed precisely at the lack of decentralization and anonymity of Libra and Calibra, with some pointing out that it’s not blockchain at all.

Also, as reported, the project is confronting additional problems with lawmakers.