Compound Hack 2021 — $80M Exploit Analysis

A bug in Compound's updated Comptroller contract allowed users to claim excessive COMP rewards beyond what was earned.

Details

Full Description

A bug in Compound's newly deployed Comptroller contract caused the protocol to distribute excess COMP token rewards. Users discovered they could claim far more COMP than they had earned. The protocol's governance mechanism meant fixing the bug required a 7-day governance delay, during which approximately $80M in COMP was claimed.

Laundering Analysis

Most COMP was simply sold on open markets, depressing the token price. Because COMP is a legitimate ERC-20 token on major exchanges, there was no traditional 'laundering' — claimants simply sold at market. No mixing or obfuscation required. Compound upgraded the contract after the governance delay.

Sources

Transaction Hashes

Related Hacks

Back to Browse