Compound Finance Hit by $25M Governance Attack

LUCKNOW (CoinChapter.com) – Compound Finance, a lending platform, has fallen victim to an alleged governance attack. The incident saw the redirection of approximately $25 million worth of COMP tokens.

The Controversial Proposal

On July 28, a proposal orchestrated by a COMP token whale known as “Humpy” passed by a razor-thin margin of 51%. The decision redirected 499,000 COMP tokens from Compound’s treasury to a yield-bearing vault controlled by Humpy and a group called the “Golden Boys.” The proposal garnered 682,191 votes in favor and 633,636 against.

The proposal claims to provide COMP holders with additional yield through a new “Trust Setup.” According to the proposal’s text:

“When a user places COMP into the goldCOMP vault, the depositor receives goldCOMP, a semi-liquid wrapped token representing their initial deposit.” 

These tokens can then be placed in a 99/1 Balancer pool, purportedly creating a passive income stream for long-term COMP holders.

However, the centralized control over the new vault has been met with widespread skepticism within the DeFi community. Omer Goldberg, founder and CEO of Chaos Labs, a firm specializing in DeFi security, described the proposal as “poorly communicated” at best and a blatant attack at worst. 

The key lesson here remains clear: if the potential payoff exceeds the cost of exploitation, someone will attempt it.

Goldberg warned on Twitter.

You May Also Like: Fractal ID Breach Exposes User Data, Traced Back to 2022 Password Hack

Red Flags Raised in Compound Finance’s Forum

This governance attack didn’t materialize overnight. According to posts on Compound Finance’s forums, it involved a series of coordinated efforts led by Humpy. The group made multiple attempts to manipulate the platform’s decision-making process, with their latest attempt finally succeeding. Their strategy included two failed proposals – Proposal 118 and Proposal 247 – before Proposal 289 passed successfully.

Critics argue that this accumulation of voting power through open market purchases undermines the fundamental principles of decentralized governance. Michael Lewellen, a security solutions architect at OpenZeppelin, had previously raised alarms about a potential “governance attack” as early as May, noting suspicious activity and new delegations that raised concerns.

In response to the passed proposal, the Compound community has put forward a motion to limit the actions of Humpy and the Golden Boys. Proposal 290, set to open for voting soon, aims to transfer the Timelock Admin, potentially giving the community more time to react to future governance actions.

The fallout from this incident has been swift and severe. Following the news of the governance attack, the COMP token’s value plummeted. At the time of this writing, COMP is trading at $48, down 5.7% in the last 24 hours. The token’s market capitalization has also dropped to $373 million.

The post Compound Finance Hit by $25M Governance Attack appeared first on CoinChapter.