Jarrod Watts, a developer relations engineer at Polygon Labs, said that the Blast contract is an upgradeable contract controlled by 3/5 multi-signatures, and all 5 addresses are anonymous new addresses. It is possible for Blast to execute code upgrades through multi-signatures and steal funds immediately. Although many other Layer 2 solutions, including Arbitrum, currently have the same function, Blast is not Layer 2, but just a smart contract that accepts user funds and puts them into protocols such as Lido. There is no testnet, no transactions, no bridges, no rollups, and no transaction data is sent to Ethereum. If the 3/5 multi-signatures that control the contract do not "do the right thing" in the future, users will not be able to withdraw the money deposited in the Blast contract at any time.