The Compound Finance (COMP) treasury has been drained of $25 million in a recent governance attack, raising alarms about the state of decentralized governance within the decentralized finance (DeFi) ecosystem.
Compound DAO Hijacked
According to researcher DeFi Ignas, the attack began with an initial proposal to grant 92,000 COMP tokens, submitted without prior discussion on the Compound DAO forum.
Despite “glaring red flags” identified by the project’s security advisor, Michael Lewellen, the warning received minimal engagement from the community, with only a few voices, such as MonetSupply and Wintermute, raising concerns.
But the story took an even more troubling turn when Humpy returned with a third proposal, this time requesting 499,000 COMP tokens – a 5.4x increase from the initial 92,000. Curiously, this proposal sailed through, with only 57 addresses casting their votes.
Who Is Humpy, And How Did He Amass Such Outsized Influence?
According to DeFi researcher StableScarab, Humpy is a major player across multiple DeFi protocols, adeptly exploiting incentive designs to accumulate vast amounts of governance tokens. His tactics allowed him to gain significant control over Balancer, an Ethereum-based automated market maker, in 2022, and now he has set his sights on Compound.
The researcher highlights that this incident reveals a critical issue in DeFi governance: “the illusion of decentralization.”
While the Compound decentralized autonomous organization (DAO) is touted as a decentralized decision-making body, the reality, in the words of StableScarab, is that a mere 20 addresses typically participate in governance votes.
The researchers claim that even when contentious proposals are put forth, the broader community remains largely indifferent, seemingly unaware of or unconcerned with the implications.
Moreover, the Compound team itself appears disengaged, with the official @compoundfinance X account remaining silent at the time of writing, hours after the incident.
This raises questions about the true nature of the protocol’s governance structure, as it seems Gauntlet, a paid advisor, effectively runs the DAO. StableScarab further noted:
Humpy’s influence goes beyond governance. He has his own token, @Gold_On_Chain, for his ‘Golden Boys’ group. After today’s Compound event, $GOLD’s price doubled as speculators bet on Humpy’s ability to continue finding “highly profitable” governance/farming strategies.
On the other hand, Compound’s native token, COMP, has retraced over 1% in the last 24 hours and over 7% in the past week alone in the wake of the latest event deemed a governance exploit.
Additionally, this has further exacerbated the token’s ongoing downtrend since the 2021 bull run, which saw the token hit an all-time high of $910 in May of that year; it is currently down nearly 95% from that level.
It remains to be seen what communications the Compound team will issue to investors and what other findings will come to light in the wake of the exploit.
Featured image from DALL-E, chart from TradingView.com