(Bloomberg) -- One of the crypto industry’s largest-ever losses of funds through an automated decentralized finance protocol miscue appears to be bigger than initially realized.
After a glitch in the so-called DeFi lending platform Compound led to nearly $90 million in mistaken rewards being distributed last week, Compound Labs’ founder and Chief Executive Officer Robert Leshner said millions more are at risk.
On Sunday, Leshner tweeted that an additional 202,472.5 COMP tokens were issued, bringing the total dollar amount of crypto that was accidentally distributed to about $160 million. COMP is the “native token” used to conduct transactions. The price of COMP fell about 4% to $316.14 Monday, according to CoinMarketCap.com data.
The fiasco began last week when users approved an update to Compound’s platform that contained a software bug. According to a tweet from Leshner, the glitch caused too much COMP to be sent to some users. Unlike other lending platforms like BlockFi, which are run by a centralized company, Compound is operated by a distributed network of users utilizing smart contracts, or predetermined software programs. Neither Compound Labs nor anyone else can pause distribution of the tokens through the platform.
The decentralized nature puts the onus of returning the funds onto the users who received them. On the first day of the attack, Leshner begged users to send back the tokens, and even threatened to reveal users’ identities to the Internal Revenue Service if they didn’t comply. He later apologized for the threat. On Sunday, at least 117,000 tokens had been returned, he said.
The attack could be the largest-ever fund loss in a smart contract incident, said a core developer at DeFi platform Yearn in a tweet.
The error didn’t threaten any users’ existing funds, Compound said. Even so, the incident does highlight the fragile structure of many DeFi projects, an obstacle that may stand in the way of more widespread adoption.
“It’s extremely difficult to do to get software right the first time, and that’s the trouble with a lot of DeFi -- getting it right the first time,” said Clem Chambers, the CEO of Online Blockchain, an incubator of blockchain projects.
“DeFi projects are basically where the banks were in the 1880s where Billy the Kid could show up with a gun and stick it in their faces and say, ‘give me the money,’” Chambers added.
The Compound glitch is the latest high-profile crypto stumble. Last month, popular blockchain Solana suffered an hours-long outage. In August, a hacker stole around $600 million worth of crypto tokens from another DeFi project, but then returned the funds.
Chambers said the industry needs better ways of developing software that won’t be as vulnerable to theft. He expects “massive innovation” in security to come as the DeFi industry expands.
©2021 Bloomberg L.P.