Low Voter Participation Enables $24 Million Compound Treasury Drain
Compound Finance, a major decentralized lending protocol, recently faced a significant challenge when a group of money grabbers known as the Golden Boys successfully executed a "governance attack" on July 28.
Compound Finance got DAO REKT because they just don't seem to care.
— Ignas | DeFi (@DefiIgnas) July 29, 2024
Here’s how absurd the process was:
An initial proposal to grant 92k $COMP was submitted without prior discussion. Thankfully, Compound's security advisor @LewellenMichael spotted it.
Despite glaring red flags,… pic.twitter.com/LKXphGQVZ3
The attack involved the passage of Proposal 289, which approved the transfer of $24 million worth of COMP tokens from Compound's treasury to a yield-bearing protocol called goldCOMP, operated by the Golden Boys themselves. This proposal was authored by a governance delegate associated with a notorious whale known as Humpy, a key figure in the Golden Boys group.
The attackers gained control of over 81% of the 400,000 COMP tokens required for a governance proposal to meet quorum. This was achieved by combining their own tokens with those delegated to them by five wallets that obtained nearly $12 million worth of COMP from the Bybit exchange. This concentration of voting power allowed them to push through the proposal.
The successful attack on Compound's DAO was not the first attempt by the Golden Boys. Two previous proposals, numbers 247 and 279, were thwarted by the community. Proposal 247 was canceled after being flagged as suspicious, while Proposal 279 was voted down with 88% opposition.
However, the third attempt, Proposal 289, passed with 682,191 votes in favor versus 633,636 against, resulting in an increased allocation of 499,000 COMP being earmarked for the goldCOMP vault.
This incident has highlighted a critical issue facing many DAOs - low levels of participation in governance processes. A recent study by academics from the University Complutense of Madrid revealed that 50% of DAOs have less than ten voters. In DAOs with 1,000 to 10,000 members, participation in governance is below 30% for most proposals, while over 50% of voting power is controlled by less than 1% of members.
In response to the attack, the Compound team has engaged in negotiations with Humpy. They have proposed introducing a revamped staking mechanism that would distribute 30% of the protocol's current and future reserves to COMP stakers, in exchange for the Golden Boys canceling Proposal 289.
The team also threatened to use centralized measures to nullify the attack if Humpy did not comply, including updating the project's governance to remove voting power from the wallet that authored Proposal 289 or distributing a new token that would exclude wallets that voted in favor of the controversial proposal.
This situation demonstrates the complex balance between decentralization and protection against malicious actors in DAO governance. While DAOs aim to provide decentralized decision-making, they can be vulnerable to attacks when participation is low and voting power is concentrated in the hands of a few large token holders.
