
This DeFi app based on Ethereum just stole $12 million from its users


The Ethereum decentralized finance (DeFi) space was just hit with a “rug pull,” with unknown developer(s) dragging in $12 million in what seems to be the biggest ostensible scam in recent weeks.

Here is that story.

What is Compounder Finance?

Late last month, anonymous developers rolled out a project called “Compounder Finance” and a native token with the ticker CP3R. While the project’s name and token ticker have components from Compound’s COMP and Andre Cronje’s Keep3r Network, it has nothing to do with these projects.

From what limited information there is on the web, Compounder Finance is a meta yield aggregator that placed user deposits into different protocols to earn yield. Compounder also paid out CP3R, boosting returns considerably, to the point that they were far above those offered by other platforms.

This meant that users were willing to deposit millions into the contract, even though the project had just launched.

The scam

While users earned regular yields on their deposits over the first few days, something happened on Sunday and Monday.

To most, the first steps of the scam were seemingly harmless: the owner of the Compounder Finance protocol deployed new yield farming strategies via the timelock function. As many users presumably thought these strategies were legitimate, they kept their funds on the protocol.

This was anything but the case, though.

A malicious function within the contracts allowed the contract owner to manipulate the pool to withdraw all funds to his own address. As coder “Vasa” wrote on his blog:

“Compounder.Finance: Deployer (strategist) called inCaseStrategyTokenGetStuck() on StrategyController which abuses the manipulated withdraw() function of the Malicious Strategies to transfer the tokens in the Strategies to the StrategyController. Do this for all 7 Malicious Strategies.”

In all, $12.5 million was stolen. Most of these funds were in Wrapped Ethereum (WETH), stablecoins, Yearn.finance (YFI), and Uniswap (UNI).
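
The sequence described above (new strategies pushed through the timelock, then inCaseStrategyTokenGetStuck() called on the StrategyController) is something a depositor or watchdog can monitor for during the timelock delay. The following is an added example, not code from Compounder Finance or from the original article; it assumes transactions are already decoded into dicts, and the names queueStrategy and executeStrategy, the addresses and the code hashes are hypothetical.

```python
# Added example: constructed data; field names, addresses and hashes are hypothetical.
from dataclasses import dataclass, field

# Code hashes of strategies that were reviewed before launch (constructed values).
AUDITED_CODE_HASHES = {"0xaaa1", "0xaaa2"}
RESCUE_FN = "inCaseStrategyTokenGetStuck"  # function named in the article

@dataclass
class Monitor:
    queued: dict = field(default_factory=dict)        # strategy -> code hash, waiting in timelock
    unaudited_live: set = field(default_factory=set)  # strategies that went live without review
    alerts: list = field(default_factory=list)

    def handle(self, tx: dict) -> None:
        fn, strat = tx["fn"], tx.get("strategy")
        if fn == "queueStrategy":          # hypothetical name for the timelock queue step
            self.queued[strat] = tx["code_hash"]
            if tx["code_hash"] not in AUDITED_CODE_HASHES:
                self.alerts.append(("UNAUDITED_STRATEGY_QUEUED", strat, tx["block"]))
        elif fn == "executeStrategy":      # hypothetical name for the timelock execute step
            code_hash = self.queued.pop(strat, None)
            if code_hash is None:
                self.alerts.append(("STRATEGY_EXECUTED_WITHOUT_QUEUE", strat, tx["block"]))
                self.unaudited_live.add(strat)
            elif code_hash not in AUDITED_CODE_HASHES:
                self.alerts.append(("UNAUDITED_STRATEGY_LIVE", strat, tx["block"]))
                self.unaudited_live.add(strat)
        elif fn == RESCUE_FN:
            # Every rescue call is flagged; it is critical when the target was never audited.
            severity = "CRITICAL" if strat in self.unaudited_live else "HIGH"
            self.alerts.append((f"{severity}_RESCUE_CALL", strat, tx["block"]))

def run(txs):
    """Feed decoded transactions through a fresh monitor and return its alerts."""
    m = Monitor()
    for tx in txs:
        m.handle(tx)
    return m.alerts

# Constructed transaction feed, already decoded; not real chain data.
SAMPLE_TXS = [
    {"block": 100, "fn": "queueStrategy", "strategy": "0xS1", "code_hash": "0xaaa1"},
    {"block": 101, "fn": "queueStrategy", "strategy": "0xS2", "code_hash": "0xbad9"},
    {"block": 250, "fn": "executeStrategy", "strategy": "0xS1"},
    {"block": 251, "fn": "executeStrategy", "strategy": "0xS2"},
    {"block": 260, "fn": RESCUE_FN, "strategy": "0xS2"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_TXS):
        print(alert)
```

The first alert fires at queue time, which is the window a timelock is meant to give depositors to withdraw before an unreviewed strategy takes effect.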

The CP3R market has taken a beating since the hack was executed. The Ethereum-based coin trades for $0.27 now, down more than 99.5 percent from its all-time high price near $100.

Taken, the sequel

The scam affected large players in yield farming.

Yield farmer DeFiYield.info, who has been releasing investigative information about top Ethereum protocols over the past few months, recently issued a personal message to the scammer. They claim to have deposited $1,000,000 into the protocol, which has now been stolen.

“It’s only a matter of time before a criminal authority will find you and arrest you. I will not have any limit of time and budget to make a report as detailed as possible about your scam/rugpull, file it to all criminal authorities with the best lawyers I can find.”

The individual has since made a Telegram group for those affected by the attack. In this group, they’re attempting to track down the scammer(s) through on-chain analytics and other methods.

Many are cheering for DeFiYield and others looking to take down the scammer, even if DeFiYield’s Twitter thread reads like a sequel to Taken, as one Twitter user put it.
