This DeFi app based on Ethereum just stole $12 million from its users

The Ethereum decentralized finance (DeFi) space was just hit with a “rug pull,” with unknown developer(s) dragging in $12 million in what seems to be the biggest ostensible scam in recent weeks.

Here is that story.

What is Compounder Finance?

Late last month, anonymous developers rolled out a project called “Compounder Finance” and a native token with the ticker CP3R. While the project’s name and token ticker has components from Compound’s COMP and Andre Cronje‘s Keep3r Network, it has nothing to do with these projects.

From what limited information there is on the web, Compounder Finance is a meta yield aggregator that deposited user deposits into different protocols to earn yield. Compounder also yielded CP3R, boosting returns considerably, to the point that they were far above those offered by other platforms.

This meant that users were willing to deposit millions into the contract, even though the project had just launched.

The scam

While users earned regular yields on their deposits over the first few days, something happened on Sunday and Monday.

To most, the first steps of the scam were seemingly harmless: the owner of the Compounder Finance protocol deployed new yield farming strategies via the timelock function. As many users presumably thought these strategies were legitimate, they kept their funds on the protocol.

This was anything but the case, though.

A malicious function within the contracts allowed the contract owner to manipulate the pool to withdraw all funds to his own address. As coder “Vasa” wrote on his blog:

“Compounder.Finance: Deployer (strategist) called inCaseStrategyTokenGetStuck() on StrategyController which abuse the manipulated withdraw() function of the Malicious Strategies to transfer the tokens in the Strategies to the StrategyController. Do this for all 7 Malicious Strategies.”

In all, $12.5 million was stolen. Much of these funds were in Wrapped Ethereum (WETH), stablecoins, and Yearn.finance (YFI), and Uniswap (UNI).

The CP3R market has taken a beating since the hack was executed. The Ethereum-based coin trades for $0.27 now, down more than 99.5 percent from its all-time high price near $100.

Taken, the sequel

The scam affected large players in yield farming.

Yield farmer DeFiYield.info, who has been releasing investigative information about top Ethereum protocols over the past few months, recently issued a personal message to the scammer. They claim to have deposited $1,000,000 into the protocol, which has now been stolen.

“It’s only a matter of time before a criminal authority will find you and arrest you. I will not have any limit of time and budget to make a report as detailed as possible about your scam/rugpull, file it to all criminal authorities with the best lawyers I can find.”

Message to the scammer of https://t.co/kZv6MWkB3E just scammed approximately $10,800,000

I have personally lost approx. 1m$ and the rest of the crypto community lost approx. 10m$ from your rug pull.

— DefiYield.info ?‍?? (@defiyield_info) December 1, 2020

The individual has since made a Telegram group for those affected by the attack. In this group, they’re attempting to track down the scammer(s) through on-chain analytics and other methods.

Many are cheering for DeFiYield and others looking to take down the scammer, even if DeFiYield’s Twitter thread reads like a sequel to Taken, as one Twitter user put it.

Mentioned in this article

Ethereum Compound Keep3rV1 Compounder Andre Cronje

Ad

WorkML.ai: Real World Data Annotation Hub Empowers AI with Crypto

Ad

CryptoSlate on Substack cryptoslate.substack.com

Daily digest of top crypto stories and market insights. Never miss out.

Join 75k subscribers

Ad

Latest Ethereum Stories

Top 4 accounting firm turns to Ethereum for blockchain-based business contracts

Adoption 2 days ago

OCM is designed to facilitate the secure handling of business contracts on a public blockchain, ensuring privacy by utilizing zero-knowledge proofs to maintain contract integrity and confidentiality.

Bitcoin barely holds on to $60k as bears retest March lows

Crypto 2 days ago

The flagship crypto touched a low of $59,658 before modestly recovering to around $60,800 as of press time, based on CryptoSlate data.

EigenLayer removes caps, sees record $157 million inflow as Lido dominance dips

Crypto 2 days ago

Lido's Ethereum staking dominance wanes, drops under 30% due to inflows into restaking protocols.

Ethereum falls to lowest level against Bitcoin in 3 years amid panic selling

Crypto 3 days ago

ETH-BTC records lowest level since 2021 as Ethereum struggles against Bitcoin amid market dip.

You might also enjoy...

Ethereum DeFi space faces three notable bugs in the span of a Sunday morning

DeFi 3 years ago

Seeming oracle attack causes $100m in Ethereum DeFi liquidations

DeFi 3 years ago

This new Ethereum DeFi token that suffered a bug rallied 375% today anyway

DeFi 3 years ago

Latest Alpha Market Report

Available exclusively via

Dial H for Halving: Unpacking the technicalities of Bitcoin’s halving

Andjela Radmilac · 4 days ago

CryptoSlate's latest market report dives deep into the Bitcoin halvings, exploring its technical underpinnings, the historical context of previous halvings, and their long-term impacts on the network.

Latest Press Releases

View All

Merlin Chain Launches MERL: A Major Leap Forward in Bitcoin Layer 2 Solutions

News Desk 9 hours ago

Telos Partners with Ponos Technology to Develop Hardware-Accelerated Ethereum L2 zkEVM Network

Chainwire 10 hours ago

Gate.io Introduces Quant Fund – A New Era of Wealth Management for Digital Assets

News Desk 12 hours ago