Harvest Finance, a decentralized finance project that succeeded in attracting over $1 billion in funds locked has an admin key that gives its holders the ability to mint tokens at will and steal users’ funds.
As noted by auditing companies PeckShield and Haechi and highlighted by Chris Blec, a DeFi community member, the governance parameters are not set by a contract with clearly defined rules. An admin key, presumably held by the anonymous developers behind the project, could be used to arbitrarily mint new FARM tokens.