Decentralized finance platform Compound made a costly mistake after sending nearly $90 million worth of cryptocurrency to users following a bug in a recent update that left its creator CEO begging users to voluntarily send it back .
The glitch is a black eye for cryptocurrency platforms hoping to improve the traditional finance system. Decentralized finance (DeFi) platforms do not have banks or other middlemen who manage the funds. Instead they rely on “smart contracts” struck between users governed entirely by computer code.
Proponents say DeFi is more egalitarian in cutting off traditional firms, often using the adage “code is law” to emphasize that computer code, not the wrong person, controls the system. But critics say the wrong code has created disasters for users.
“There are reasons to criticize the current banking system, but there are a lot of safeguards in place to prevent things like this from happening,” said Andrew Park, a senior policy analyst at American for Financial Reform, an investor advocacy group. Critics of many crypto projects, told Bloomberg. “If I had my money in Compound, how much confidence would I have in that system now?”
The compound case is the latest high-profile error in the DeFi world. A closely watched crypto project blacked out for hours last month. In August, a hacker exploited a vulnerability in another DeFi project to take nearly $600 million worth of tokens in what was recognized as the biggest theft in the crypto world. The hacker later returned the stolen money.
This week’s mess happened on Compound, one of several DeFi platforms that allow users to lend cryptocurrencies and earn interest. Unlike similar platforms run by companies such as Blockfi Inc., Compound is not run by a central company, but by a distributed network of users who use smart contracts. Compound also distributes a token called COMP, which gives users an overview of how the protocol works and which was priced at around $319 per coin on Friday.
The trouble began on Wednesday, after users approved an update to Compound’s platform that contained a bug. Compound Labs Inc. CEO Robert Leshner said on Twitter that the bug caused too much comp for some users. But since the platform is decentralized and requires a waiting period, neither his company nor anyone else has the ability to stop the distribution of the token.
Leshner said the impact was limited to 280,000 comp tokens, which were valued at around $89.3 million on Friday.
In an interview, Leshner said the mistake suggests that Compound’s protocol requires a lengthy review process and that more community developers are falling prey to errors before introducing changes.
“This is not a phenomenon that calls into question whether DeFi can be operated securely. It is a wake-up call for decentralized, community-driven protocols to improve the processes by which change is introduced. are,” Leshner said.
After Compound users claimed false coins, Leshner on Twitter threatened to reveal his identity to the Internal Revenue Service if they didn’t return most of them. He later apologized for the threat.
“Open source, decentralized protocols are early and difficult. But every hiccup leads to a more fragile adversarial system,” Leshner wrote.
While this week’s error didn’t explicitly put users’ funds at risk, it does show that DeFi needs to find a way to increase user security before widespread adoption, according to the Blockchain and Digital Asset Project at the University of Pennsylvania. Director Kevin Verbach said. Wharton School.
“Most people in the world aren’t going to trust their money with anything, you’re going to lose everything if they’re told a bug,” Werbach said. “It’s not satisfactory.”
(with agency input)
Don’t miss a story! Stay connected and informed with Mint.
download
Our App Now!!
.