30 July 2024
The Compound Finance (COMP) treasury has been drained of $25 million in a recent governance attack, raising alarms about the state of decentralized governance in the decentralized finance (DeFi) ecosystem.
Compound DAO Hijacked
According to researcher DeFi Ignas, the attack began with an initial proposal to grant 92,000 COMP tokens, submitted without prior discussion on the Compound DAO forum.
Despite “glaring red flags” identified by the project’s security advisor, Michael Lewellen, the warning received minimal engagement from the community, with only a few voices, such as MonetSupply and Wintermute, raising concerns.
But the story took an even more troubling turn when Humpy returned with a third proposal, this time requesting 499,000 COMP tokens – a 5.4x increase from the initial 92,000. Interestingly, this proposal sailed through, with only 57 addresses casting their votes.
Who Is Humpy, And How Did He Amass Such Outsized Influence?
According to DeFi researcher StableScarab, Humpy is a major player across multiple DeFi protocols, adeptly exploiting incentive designs to accumulate vast amounts of governance tokens. His tactics allowed him to gain significant control over Balancer, an Ethereum-based automated market maker, in 2022, and now he has set his sights on Compound.
The researcher highlights that this incident unveils a critical issue in DeFi governance: “the illusion of decentralization.”
While the Compound decentralized autonomous organization (DAO) is touted as a decentralized decision-making body, the reality, in the words of StableScarab, is that a mere 20 addresses typically participate in governance votes.
The researchers claim that even when contentious proposals are put forth, the broader community remains largely indifferent, seemingly unaware or unconcerned with the implications.
Moreover, the Compound team itself appears disengaged, with the official @compoundfinance X account going silent at the time of writing, hours after the incident.
This raises questions about the true nature of the protocol’s governance structure, as it seems Gauntlet, a paid advisor, effectively runs the DAO. StableScarab further noted:
Humpy’s influence goes beyond governance. He has his own token, @Gold_On_Chain, for his ‘Golden Boys’ community. After today’s Compound event, $GOLD’s value doubled as speculators bet on Humpy’s ability to continue finding “highly profitable” governance/farming strategies.
On the other hand, Compound’s native token, COMP, has retraced over 1% in the last 24 hours and over 7% in the past week alone in the wake of what is deemed the latest governance exploit.
Additionally, this has further exacerbated the token’s ongoing downtrend since the 2021 bull run, which saw the token hit an all-time high of $910 in May of that year; COMP is currently down nearly 95% from that level.
It remains to be seen what communications the Compound team will issue to investors and what other findings will come to light in the wake of the exploit.