IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Buggy DeFi update mistakenly issues $90m worth of COMP coins to users

Founder of Compound Labs pleads with users to return the money or risk action from the IRS

Someone checking online crypto markets while holding a coin

Around $90 million has been mistakenly sent to users of popular DeFi staking protocol Compound following a bug in a recent upgrade.

The company's founder took to Twitter to plead with users to return the platform's crypto tokens, while also threatening those refusing to do so.

"If you received a large, incorrect amount of COMP from the Compound protocol error: Please return it," Robert Leshner, founder of Compound Labs, tweeted on Thursday. "Keep 10% as a white-hat. Otherwise, it's being reported as income to the IRS, and most of you are doxxed."

Compound is a decentralised finance (DeFi) platform with a liquidity mining program that rewards depositors and borrowers, but usually at a rate of a single-digit for annual percentage yield (APY).

A user known as 'napgener' first noticed an issue with Compound payouts, flagging three Ethereum transactions where users received around $15 million in COMP tokens in exchange for borrowing and supplying small token quantities for the likes of USDC, ETH and DAI.

DeFi protocols like Compound are designed to recreate traditional financial systems, such as banks and exchanges, but with blockchain powered by automated smart contracts. On Wednesday Compound attempted to roll out an upgrade, but it appears to have included an error.

"The new Comptroller contract contains a bug, causing some users to receive far too much COMP," Leshner said. "There are no admin controls or community tools to disable the COMP distribution; any changes to the protocol require a 7-day governance process to make their way into production."

Related Resource

Pharma transactions during the COVID-19 pandemic

How resilient were they?

Whitepaper front coverFree download

More and more users began reporting over payments after Leshner tweeted about the bug: $29 million worth of COMP has been claimed in one transaction, while another has said they received 70 million COMP tokens (thought to be worth about $28m).

Leshner didn't specify the issue with the update, however a developer from another DeFi crypto exchange, SushiSwap, tweeted that the fault could be blamed on a "one-letter bug" in the code.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Operationalising anti-fraud on the mainframe
Whitepaper

Operationalising anti-fraud on the mainframe

5 Apr 2022
Revolutionising the lending process with IBM Cloud Paks
Whitepaper

Revolutionising the lending process with IBM Cloud Paks

1 Apr 2022
Injecting simplicity, speed, and innovation in core insurance processes
Whitepaper

Injecting simplicity, speed, and innovation in core insurance processes

1 Apr 2022
The new normal: The future role of finance
Whitepaper

The new normal: The future role of finance

10 Mar 2022

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022