WESTLAKE, Texas–A software bug in a recent update of software at Compound, a decentralized finance (DeFi) platform, resulted in users being sent nearly $90 million-worth of cryptocurrency in error, leaving its CEO to beg for users to voluntarily return the money.
DeFi platforms are the latest threat to emerge to credit unions and banks, as they are designed to eliminate the role of financial institutions as middlemen. They instead rely on “smart contracts” between users that are governed completely by computer code.
Compound is one of several DeFi platforms that allow users to lend out cryptocurrencies and earn interest. But unlike similar platforms, Compound isn’t run by a central company but rather by a distributed network of users utilizing smart contracts. Compound also distributes a token, called COMP, that gives users a say in how the protocol works and whose price on Friday was about $319 per coin, according to the company.
Source of Trouble
The trouble at Compound began when users approved an update to the company’s platform that contained a bug. Compound Labs CEO Robert Leshner said on Twitter the bug caused “too much” COMP to go to some users. But since the platform is decentralized and requires a waiting period, neither his company nor anyone else had the ability to pause distribution of the tokens, according to analysts.
Leshner said the impact was limited to 280,000 COMP tokens, which as of last week was about $89.3 million.
Leshner said in a statement the mistake indicates Compound’s protocol needs to have a lengthier review process and more community developers hunting for errors before changes are introduced.
Threats Made
After Compound users claimed the erroneous tokens, Leshner on Twitter threatened to reveal their identities to the Internal Revenue Service if they didn’t return most of them. He later apologized for the threat.
The company said the error didn’t endanger users’ funds, but analysts said it will hurt perceptions of trust and reliability in DeFi solutions.