$25 million stolen from Compound (COMP) vault in latest breach of governance

A recent governance attack saw $25 million disappear from Compound Finance (COMP)’s coffers, raising concerns about the state of decentralized governance in decentralized finance Ecosystem (DeFi).

Compound DAO Acquisition

According to According to DeFi researcher Ignas, the attack began with an initial proposal to allocate 92,000 COMP tokens, made without prior discussion on the Compound DAO forum.

Despite the “glaring red flags” identified by the project’s security advisor Michael Lewellen, the warning was met with minimal community engagement, with only a few voices like MonetSupply and Wintermute raising the issue worries.

But the story took an even more disturbing turn when Humpy returned with a third proposal, this time requesting 499,000 COMP tokens – a 5.4x augment from the initial 92,000. Interestingly, this proposal passed without a hitch, with only 57 addresses voting.

Who is Humpy and how did he gain such enormous influence?

According to for DeFi researcher StableScarab, Humpy is a major player in many DeFi protocols, skillfully using incentive designs to accumulate massive amounts of governance tokens. His tactics allowed him to gain significant control over Balancer, an automated market maker based on Ethereum, in 2022, and has now set his sights on Compound.

The researcher emphasizes that this incident reveals a key problem in DeFi governance: the “illusion of decentralization.”

While the relationship decentralized autonomous organization (DAO) is presented as a decentralized decision-making body, but in reality, StableScarab claims, only 20 addresses typically participate in governance votes.

Even when controversial proposals emerge, the researchers say, the broader community remains largely indifferent, apparently unaware of or uninterested in their implications.

What’s more, the Compound team itself appears uninterested in the matter, with the official @compoundfinance X account having gone mute at the time of writing, hours after the incident.

Questions arise about the true nature of the protocol Management structureGauntlet, a paid advisor, appears to be effectively running the DAO. StableScrab further noted:

Humpy’s influence extends beyond governance. He has his own token, @Gold_On_Chain, for his “Golden Boys” community. After today’s Compound event, $GOLD doubled in value as speculators bet that Humpy would continue to find “highly profitable” governance/farming strategies.

The 1D chart shows the extended downtrend in COMP prices over the past few months. Source: COMPUSDT on TradingView.com

On the other hand, Compound’s native token, COMP, is down over 1% in the last 24 hours and over 7% in the last week following the latest corporate governance breach.

Moreover, it further deepened the token’s ongoing downtrend that has been ongoing since the 2021 bull run, when the token reached an all-time high of $910 in May this year and is now down almost 95% from that level.

The question remains what messages the Compound team will deliver to investors and what other findings will be released following the disclosure of the vulnerabilities.

Featured image from DALL-E, chart from TradingView.com