Crypto Community Shrugs Off Second-Largest Fund Loss As Defi Platform Bug Exposes Additional $66.9M

Bitcoin crypto currency blockchain network security technology mobile phone stock photo
alexsl / iStock.com

The hits keep coming for crypto, but it doesn’t seem to be bothering investors. Last week, $90.1 million in cryptocurrency went out to users of the decentralized finance (DeFi) platform Compound, in what CNBC called “an upgrade gone epically wrong.”

See: DeFi Protocol’s Botched Upgrade Sends $90 Million to Users – CEO Begs for Return of Money
Find: Investors Remain Unfazed by DeFi’s Largest Crypto Hack

Compound’s native token, COMP, dropped in price by 13% when the incident occurred, but bounced back quickly, according to historical price charts at CoinGecko.com.

At the time, Compound Labs founder Robert Leshner said there was a cap to how many tokens could be distributed accidentally, putting the cap at around $92.6 million.

But this weekend, Compound Lab’s founder Robert Leshner reported the token loss at closer to $162 million, roughly $66.9 million more than originally expected. The pool had been replenished, exposing more COMP tokens for distribution. COMP dropped roughly 4.8% as a result of the added exposure.

The Compound bug is the second-largest theft in the history of cryptocurrency after this summer’s hack of the Poly Network led to a $600 million theft on that DeFi platform. Nearly all the money was returned to Poly by white hat hackers.

Building Wealth

Last week, Compound Labs founder Robert Leshner tweeted in desperation, “If you received a large, incorrect amount of COMP from the Compound protocol error: Please return it to the Compound Timelock (0x6d903f6003cca6255D85CcA4D3B5E5146dC33925). Keep 10% as a white-hat. Otherwise, it’s being reported as income to the IRS, and most of you are doxxed.”

Shortly after, he backtracked, tweeting, “I’m trying to do anything I can to help the community get some of its COMP back, and this was a bone-headed tweet / approach. That’s on me. Luckily, the community is much bigger, and smarter, than just me. I appreciate your ridicule and support.”

Doxxing refers to making public the private details of a users’ account. For a crypto company, this would be tantamount to a PR nightmare, experts told CNBC.

So, Leshner is at the mercy of the DeFi network’s users to return the crypto, which is not unprecedented. Users who decide to keep the funds and cash out the money will have to pay capital gains tax when they sell.

What Went Wrong?

The error began as a bug in programming, which occurred during a major upgrade. The bug made it possible for hackers – of the white hat and black hat variety – to exploit the system and pull out funds from the platform’s pool of cash. No supplied or borrowed funds were at risk, however, which means investors’ money was safe. The coins’ values were diluted, however, Mudit Gupta, a core developer at DeFi exchange SushiSwap, told CNBC. Gupta called the incident, “not that big of a deal.”

Building Wealth

As of Sunday morning, about $38.7 million in coins had been returned to the platform, CNBC reported. As of Monday morning, COMP is down just 2.7%, while major cryptocurrencies Bitcoin and Ethereum are down 2.3% and 1.2%, respectively.

More From GOBankingRates

About the Author

Dawn Allcot is a full-time freelance writer and content marketing specialist who geeks out about finance, e-commerce, technology, and real estate. Her lengthy list of publishing credits include Bankrate, Lending Tree, and Chase Bank. She is the founder and owner of GeekTravelGuide.net, a travel, technology, and entertainment website. She lives on Long Island, New York, with a veritable menagerie that includes 2 cats, a rambunctious kitten, and three lizards of varying sizes and personalities – plus her two kids and husband. Find her on Twitter, @DawnAllcot.

Untitled design (1)
Close popup The GBR Closer icon

Sending you timely financial stories that you can bank on.

Sign up for our daily newsletter for the latest financial news and trending topics.

Loading...
Please enter an email.
Please enter a valid email address.
There was an unknown error. Please try again later.

For our full Privacy Policy, click here.