Compound Finance's governance system faced an attack on July 28, 2024, when Proposal 289 passed with a 52 percent majority, allocating 499,000 COMP tokens worth $24 million from the DAO treasury to a yield strategy controlled by a group of traders calling themselves the Golden Boys. The proposal's passage exposed fundamental vulnerabilities in token-weighted governance where concentrated capital could override community interests.
Compound Governance Attack: Proposal 289 Controversy
Compound governance faces attack through Proposal 289 on July 29, 2024, highlighting vulnerabilities in vault-based lending protocol governance mechanisms.
Key Points
- Compound governance faces attack through Proposal 289 on July 29, 2024, highlighting vulnerabilities in vault-based lending protocol governance mechanisms.
Advertisement
728×90
Proposal 289 would have created a "goldCOMP" wrapper enabling a small group to manage treasury distributions and generate yield for themselves while claiming to provide passive income to COMP holders. Five wallets, apparently acquiring COMP from the Bybit exchange, delegated more than 228,000 tokens to governance delegates associated with a participant known as Humpy. Combined with existing delegate holdings, this created voting control exceeding 81 percent of the 400,000 COMP required to reach quorum. The strategy required only 52 percent of voting participants—achievable through concentrated capital—rather than majority support from the broader COMP holder base.
Compound security advisor Michael Lewellen documented that multiple accounts had been observed purchasing COMP tokens specifically to influence the vote, suggesting coordinated exploitation of governance mechanisms. The attack demonstrated that token-weighted voting could be weaponized by wealthy actors willing to spend millions purchasing voting power to extract value from community treasuries.
The Golden Boys agreed to rescind Proposal 289 after AlphaGrowth, a competing proposal creator, offered a staking product distributing 30 percent of Compound's existing and future market reserves to COMP stakers proportionally. This settlement converted a governance attack into a negotiated outcome: the attackers received commitment to ongoing treasury distributions rather than a single massive allocation, while the community avoided having control of significant reserves handed to a small group.
The incident highlighted that governance tokens created asymmetric incentives where wealthy participants could accumulate voting power specifically to extract value. Compound lacked mechanisms preventing rapid token accumulation through exchange purchases or requiring voting delays that would allow community mobilization. The vulnerability applied broadly to protocols using simple token-weighted voting without additional safeguards.
MiningPool content is intended for information and educational purposes only and does not constitute financial, investment, or legal advice.
Advertisement
728×90
Related Stories
Markets
MetaMask Launched a Self-Custodial Wallet for AI Agents on Monday and Capped Each Transaction at $10,000 of Built-In Protection
Consensys's Agent Wallet runs through a CLI, lets an AI agent trade across ten EVM chains plus Hyperliquid, and routes any flagged transaction back to the user for 2FA approval. Early Access opens to 200 traders.
·Tom Chen
Markets
Circle Launched cirBTC on Ethereum on Monday — and Lined Up a Direct Run at the $9 Billion Wrapped Bitcoin Market
Every cirBTC is backed 1:1 by native BTC at a regulated Circle entity, with Chainlink Proof of Reserve verifying the float on chain. The launch is calibrated to siphon institutional flow away from WBTC and Coinbase's cbBTC.
·Aubrey Swanson
Markets
Hyperliquid's FDV Just Passed Solana's — and Two New ETFs Pulled $25.5 Million in a Single Session
HYPE crossed $56 on May 21 and Hyperliquid's fully diluted valuation overtook Solana's, while Bitwise and 21Shares ETFs combined for a record $25.5 million in net inflows the day before.
·William Dale
Markets
Solana's Alpenglow Consensus Upgrade Went Live on a Community Test Cluster Last Week — Anza Is Targeting 150-Millisecond Finality, an 87x Improvement on TowerBFT
The biggest consensus overhaul in Solana's history is now running on validator infrastructure outside mainnet, with Anatoly Yakovenko targeting Q3 for mainnet activation. The change replaces Proof-of-History and TowerBFT outright.
·Jessica Miles
Markets
Trade.xyz Put SpaceX Pre-IPO Perpetuals on Hyperliquid on Monday — the Synthetic Closed the First Session at a $2.4 Trillion Implied Valuation
SPCX-USDC launched on Hyperliquid at 5:16 AM UTC with a $150 reference price and a $1.78 trillion implied valuation. By the close it was trading at $202.89, implying a valuation well above any private-market mark SpaceX has cleared.
·William Dale
Markets
THORChain Lost $10.7 Million to a GG20 TSS Exploit on May 15 — Three Days Later Verus's Bridge Was Drained for $11.58 Million the Same Way Wormhole Was
THORChain confirmed on May 15 that one of its six Asgard vaults was compromised for roughly $10.7 million via a GG20 threshold-signature key-leak; on May 18, Blockaid flagged an $11.58 million drain on the Verus-Ethereum bridge caused by the same class of source-destination value-binding gap that broke Wormhole and Nomad in 2022.
·Tom Chen
Stay informed
Verifiable crypto journalism, delivered to your inbox.
Weekday mornings. No hype. No financial advice. Just what happened and why it matters.
No spam. Unsubscribe anytime. Read our privacy policy.