Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Last week, Compound Labs users have been surprised to see that they have received money from the company. They later found out that DeFi staking protocol Compound has accidentally given out around $90 million worth of COMP tokens because of a bug in a recent software update.
Following the incident, the company’s founder started asking users to give back the money they received threatening those who chose not to do so with IRS.
What Is Compound?
According to their website, Compound is an open-source software development company building tools, products, and services for the decentralized finance (DeFi) ecosystem. The software they build eliminates human intermediaries, relying instead on algorithms to perform transactions.
As the technology is relatively new, mistakes like giving away $90 million can be made.
Will People Give the Money Back?
Compound’s “Comptroller” contract’s transaction history shows where all the $90M worth of COMP tokens went. The founder of Compound, Robert Leshner made an appeal for the return of the tokens asking the users to give them back to the platform’s Timelock contract.
In order to motivate them, Leshner stated that as a reward for their correctness, users could keep 10% of the tokens.
He even started to threaten those who don’t have any intentions of returning the money posting on Twitter that the organization will expose personal information belonging to its users, as well as reporting them to the Internal Revenue Service (IRS).
Not long after, the Compound founder retracted the post.
If you received a large, incorrect amount of COMP from the Compound protocol error:
Please return it to the Compound Timelock (0x6d903f6003cca6255D85CcA4D3B5E5146dC33925). Keep 10% as a white-hat.
Otherwise, it’s being reported as income to the IRS, and most of you are doxxed.
— Robert Leshner (@rleshner) October 1, 2021
People didn’t receive the threatens very well. Here are some Twitter posts:
Wow @compoundfinance this is just embarrassing – a plea wrapped in a threat, fueled by the lack of privacy. https://t.co/iqkhRDF76Z
— Assaf Morami (@assafmo) October 1, 2021
Another user said:
This is how to make people who would marginally be willing to help you out for your mistake keep it out of spite. https://t.co/8QuFoS2miG
— Ryan Lackey (@octal) October 1, 2021
According to BleepingComputer, this mistake made the value of Compound’s native token, COMP drop by around 13% within 24 hours of Leshner’s tweet. However, when BleepingComputer reported the incident for the first time, the value was back on track.
Seeing that his previous posts didn’t go as planned, Leshner tried another approach.
I’m trying to do anything I can to help the community get some of its COMP back, and this was a bone-headed tweet/approach. That’s on me. Luckily, the community is much bigger, and smarter, than just me. I appreciate your ridicule and support.
Users don’t have to worry about their funds; the only risk is that you (or another user) receives an unfairly large quantity of COMP.
At the moment, the only thing that the company can do is to wait for the users who accidentally received the crypto assets to give them back, as its protocol requires a seven-day governance process before any production changes can be made.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
