Compounder Finance
Rug PullDeFi · $CP3R · born 2020 · ✝ 2020
Devs swapped in malicious contracts and drained ~$12M.
Compounder Finance was a yield-farming aggregator on Ethereum pitched as a safer way to auto-compound returns. In December 2020 its own developers pushed malicious contract upgrades and drained roughly $12M of deposited funds in an insider rug.
- Peak
- ~$12M stolen
- Cause
- Rug Pull
- Year of death
- 2020
☠️ Cause of death
The team retained the ability to replace strategy contracts and used that power to swap in backdoored code that emptied the vaults.
📓 Lessons left behind
- —Upgrade keys without timelocks are a rug waiting to happen.
- —Audits of today's code mean nothing if devs can swap it tomorrow.
- —Anonymous teams with admin power deserve zero trust.
🌱 The idea that survived
Timelocked upgrades
Reinforced demand for on-chain timelocks so users can exit before contract changes take effect.
#defi#rug#upgradeable