Compound Finance, a popular Ethereum borrowing and lending protocol, recently sparked debate among community members in the decentralized finance (DeFi) space.
A crypto whale known as “Humpy” leveraged his substantial holdings to pass a proposal that aims to give holders additional yield on their COMP tokens by depositing them in a vault. This action redirected 499,000 COMP, valued at approximately $25 million, from the Compound treasury to a yield-bearing vault controlled by him and a group called the “Golden Boys.”
Compound Finance’s Proposal 289 Passage Raises Governance Concerns
The proposal on Compound Finance’s decentralized autonomous organization (DAO) governance forum passed narrowly at 51%, with a vote tally of 682,191 for and 633,636 against. However, the narrow margin and concentrated voting power have raised concerns about potential governance attacks.
Following the passage of Proposal 289, Humpy defended the proposal against allegations of misconduct. He claimed that the proposal adhered to the DAO’s rules and did not permit the stealing or diverting of funds.
“Requested investment goes through a Trust Setup with a constraint set of actions that doesn’t permit stealing or diverting funds,” he said.
Read more: What Is Compound Finance?
Despite this defense, many crypto community members questioned the validity and security of the ‘Trust Setup’ that was supposed to safeguard the funds. Omer Goldberg, founder of Chaos Labs, noted that the community rejected previous similar proposals.
This was due to a lack of assurances and concerns about transferring significant treasury funds without proper safeguards. Goldberg highlighted that the latest proposal, although slightly modified with a Trust Setup, still failed to address core concerns about fund security.
Michael Bentley, CEO of Euler Finance, commented on Humpy’s argument, expressing his skepticism. He said that simply limiting investment actions won’t stop funds from being “diverted.”
“Even if this turns out to be a bona fide proposal, and it may yet for all we know, there were enough red flags to make it shocking that so few voted against it,” Bentley opined.
Wintermute Governance also pointed out that GoldenBoyzMultisig controlled any withdrawal action. This means the DAO could not recall funds at its own discretion at any time.
Furthermore, Nick Almond, CEO of Factory Labs, emphasized the apparent lack of proactive measures to prevent the proposal’s passage. He saw Compound’s governance attack as ” weird” because it seemingly happened before everyone’s eyes.
“Like 2-3 people/groups politely disagreeing with the proposal. No attempt to alert the COMP holders to rally a defensive vote. 50,000 tokens, and this could have been stopped,” Almond commented.
Haseeb Qureshi, managing partner at Dragonfly Capital, also offered noteworthy insight into this issue. He noted that this is not the first time Humpy has been involved in such activities. Qureshi referred to a similar incident in 2022, where Humpy allegedly used his substantial Balancer (BAL) token holdings to direct incentives to a pool he controlled.
“This is basically a DAO corporate raid, with a flavor of stripping/tunneling (where the raider strips out assets for personal gain). This is illegal in normal corporate law, but… in DAOs?” He wrote on his X (Twitter) account.
Read more: Compound (COMP) Price Prediction 2024/2025/2030
The controversy surrounding Proposal 289 has led to a notable decrease in Compound’s native token, COMP. At the time of writing, it is trading at $48.43, marking a 4.73% decrease over the last 24 hours.
The rapid rise of DAOs has brought challenges, as seen in the case of DAO YAM on July 9, 2022, where an attacker submitted a proposal with an unverified contract, aiming to transfer platform reserves to their wallet. The recent event exemplifies these vulnerabilities.
“While we cannot speculate on the intentions of Humpy, we can examine and discuss the following sequence of proposals, allowing readers to draw their own conclusions. The timing of the proposal and the voting was taking place during the weekend which majority of the community members might have been less active. In addition to the two unsuccessful Proposals prior to 289, any form of withdrawal is solely controlled by GoldenBoyzMultisig, in other words, the DAO cannot recall funds any time under its own discretion,” Hedi Navazan, Director of Compliance & Regulatory Affairs at Crystal Intelligence, told BeInCrypto.
These incidents highlight the need for the web3 community to develop robust governance systems. DAO developers and members must adopt measures to identify and address security vulnerabilities within their governance processes.
Trusted
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
