The downed DeFi protocol in question is Compounder, a decentralized finance protocol that shifts investors’ money around other DeFi protocols to eke out the best returns.
The DeFi tool allegedly pulled the rug on its customers, looting $12.5 million worth of cryptocurrency from its vaults.
It’s not an unfamiliar scenario in the wild west of DeFi. The users of such protocols, many of which are used to lend out crypto or trade crypto on non-custodial exchanges, have become victims of such hacks, exploits, or outright scams on a nearly weekly basis.
The thing is, unlike other DeFi protocols, Compounder’s smart contracts are audited, meaning that an independent team had rooted around the code to ensure that everything was a-ok.
Audited smart contracts are the gold standard in DeFi—an audit provides independent verification that the code does what its developers claim, as well as a laundry list of vulnerabilities.
So, how did Compounder’s developers still pull the wool over everyone’s eyes?
They didn’t: the auditors, Solidity Labs, had disclosed the flaw in its audit on November 19.
“In the audit report we highlighted the Compounder Team's ability to update the pools through the timelock all through one address,” a spokesperson from Solidity Labs told Decrypt.
Message to the scammer of https://t.co/kZv6MWkB3E just scammed approximately $10,800,000
I have personally lost approx. 1m$ and the rest of the crypto community lost approx. 10m$ from your rug pull.