$25 million drained from Compound (COMP) treasury in recent governance exploit incident

The Compound Finance (COMP) treasury was emptied of $25 million in a recent governance attack, raising alarm about the state of decentralized governance in the decentralized finance (DeFi) ecosystem.

Compound DAO hijacked

After According to DeFi researcher Ignas, the attack began with an initial proposal to grant 92,000 COMP tokens, which was submitted on the Compound DAO forum without prior discussion.

Despite the “clear warning signs” identified by the project’s security advisor, Michael Lewellen, the warning received little response from the community. Only a few voices, such as MonetSupply and Wintermute, raised Issue.

But the story took an even more disturbing turn when Humpy came back with a third proposal, this time demanding 499,000 COMP tokens – a 5.4x increase from the initial 92,000. Interestingly, this proposal was easily accepted, although only 57 addresses cast their votes.

Who is Humpy and how did he gain such enormous influence?

After According to DeFi researcher StableScarab, Humpy is a major player in several DeFi protocols, cleverly exploiting incentive systems to amass large amounts of governance tokens. His tactics allowed him to gain significant control over Balancer, an Ethereum-based automated market maker, in 2022, and now he has Compound in his sights.

The researcher emphasizes that this incident reveals a critical problem in DeFi governance: “the illusion of decentralization.”

While Compound decentralized autonomous organization (DAO) is touted as a decentralized decision-making body, but the reality, according to StableScarab, is that typically only 20 addresses participate in governance votes.

The researchers claim that even when controversial proposals are made, the general public remains largely indifferent and appears unaware or unconcerned about the implications.

Furthermore, the Compound team itself seems disinterested, as the official @compoundfinance X account was silent at the time of writing this article, hours after the incident.

This raises questions about the true nature of the protocol. Governance structureas it appears that Gauntlet, a paid advisor, is effectively running the DAO. StableScrab further noted:

Humpy’s influence extends beyond governance. He has his own token, @Gold_On_Chain, for his “Golden Boys” community. Following today’s Compound event, the value of $GOLD doubled as speculators bet on Humpy’s ability to continue to find “highly profitable” governance/farming strategies.

On the other hand, in the wake of the recent suspected governance exploit, Compound’s native token COMP has declined by over 1% in the past 24 hours and over 7% in the past week alone.

Furthermore, this has exacerbated the token’s ongoing downtrend since the bull run in 2021. In May of the same year, the token reached an all-time high of $910 and is currently almost 95% below that level.

It remains to be seen what communications the Compound team will issue to investors and what further findings will come to light in the wake of the exploit.

Featured image of DALL-E, chart from TradingView.com