Compound Finance's governance system faced an attack on July 28, 2024, when Proposal 289 passed with a 52 percent majority, allocating 499,000 COMP tokens worth $24 million from the DAO treasury to a yield strategy controlled by a group of traders calling themselves the Golden Boys. The proposal's passage exposed fundamental vulnerabilities in token-weighted governance where concentrated capital could override community interests.
Compound Governance Attack: Proposal 289 Controversy
Compound governance faces attack through Proposal 289 on July 29, 2024, highlighting vulnerabilities in vault-based lending protocol governance mechanisms.

Key Points
- Compound governance faces attack through Proposal 289 on July 29, 2024, highlighting vulnerabilities in vault-based lending protocol governance mechanisms.
Advertisement
728×90
Proposal 289 would have created a "goldCOMP" wrapper enabling a small group to manage treasury distributions and generate yield for themselves while claiming to provide passive income to COMP holders. Five wallets, apparently acquiring COMP from the Bybit exchange, delegated more than 228,000 tokens to governance delegates associated with a participant known as Humpy. Combined with existing delegate holdings, this created voting control exceeding 81 percent of the 400,000 COMP required to reach quorum. The strategy required only 52 percent of voting participants—achievable through concentrated capital—rather than majority support from the broader COMP holder base.
Compound security advisor Michael Lewellen documented that multiple accounts had been observed purchasing COMP tokens specifically to influence the vote, suggesting coordinated exploitation of governance mechanisms. The attack demonstrated that token-weighted voting could be weaponized by wealthy actors willing to spend millions purchasing voting power to extract value from community treasuries.
The Golden Boys agreed to rescind Proposal 289 after AlphaGrowth, a competing proposal creator, offered a staking product distributing 30 percent of Compound's existing and future market reserves to COMP stakers proportionally. This settlement converted a governance attack into a negotiated outcome: the attackers received commitment to ongoing treasury distributions rather than a single massive allocation, while the community avoided having control of significant reserves handed to a small group.
The incident highlighted that governance tokens created asymmetric incentives where wealthy participants could accumulate voting power specifically to extract value. Compound lacked mechanisms preventing rapid token accumulation through exchange purchases or requiring voting delays that would allow community mobilization. The vulnerability applied broadly to protocols using simple token-weighted voting without additional safeguards.
MiningPool content is intended for information and educational purposes only and does not constitute financial, investment, or legal advice.
Advertisement
728×90
Related Stories

Aave Added 1,806 New Ethereum Wallets on Tuesday — Its Biggest Growth Day Since October 2021
Aave saw its strongest single day of Ethereum wallet creation in nearly five years on Tuesday, adding 1,806 addresses even as bitcoin closed under $60,000 and the fear-and-greed index sat at 13. The trigger is a mix of the V4 rollout, Smart Value Recapture revenue, and a Standard Chartered price note that circulated for a week.

MetaMask Launched Money Account on Monad on Tuesday — the mUSD Yield Wallet Pays 4 Per Cent and Comes With a Mastercard
Consensys is trying to turn MetaMask from a swap interface into a full self-custodial current account, routing stablecoin balances into Morpho for yield while letting users spend at any Mastercard merchant.

Clément Lesaege Proposed Forcing Ethereum Validators to Redirect Up to 10% of Staking Rewards on Sunday — and the Risk of a Validator Cartel Is Already in the Open
Kleros founder Clément Lesaege posted a 'Validator Redirected Revenue' proposal to ethresear.ch on June 21 that would let validators redirect 0-10% of staking rewards to public goods. If a majority signals support, the redirect becomes mandatory for the entire validator set.

MetaMask Launched a Self-Custodial Wallet for AI Agents on Monday and Capped Each Transaction at $10,000 of Built-In Protection
Consensys's Agent Wallet runs through a CLI, lets an AI agent trade across ten EVM chains plus Hyperliquid, and routes any flagged transaction back to the user for 2FA approval. Early Access opens to 200 traders.

Circle Launched cirBTC on Ethereum on Monday — and Lined Up a Direct Run at the $9 Billion Wrapped Bitcoin Market
Every cirBTC is backed 1:1 by native BTC at a regulated Circle entity, with Chainlink Proof of Reserve verifying the float on chain. The launch is calibrated to siphon institutional flow away from WBTC and Coinbase's cbBTC.

Hyperliquid's FDV Just Passed Solana's — and Two New ETFs Pulled $25.5 Million in a Single Session
HYPE crossed $56 on May 21 and Hyperliquid's fully diluted valuation overtook Solana's, while Bitwise and 21Shares ETFs combined for a record $25.5 million in net inflows the day before.
Stay informed
Verifiable crypto journalism, delivered to your inbox.
Weekday mornings. No hype. No financial advice. Just what happened and why it matters.
No spam. Unsubscribe anytime. Read our privacy policy.
