$10.8M Stolen, Developers Implicated in Alleged Smart Contract ‘Rug Pull’
Compounder Finance – a self-described clone of Harvest and Yearn Finance built by pseudonymous programmers – had its contracts drained of $750,000 worth of wrapped bitcoin (WBTC), $4.8 million ether, $5 million dai and a small assortment of other tokens, according to an address associated with the exploit. And while the attack looks similar to other DeFi rug-pulls or exploits, performed time and time again in 2020, this act of thievery is different because of the apparent con Compounder’s developers were playing, according to Robert Leshner, founder of lending protocol Compound Finance.
Smart contract audits not enough Compounder was audited by Solidity Finance. “The Compounder team swapped the safe and audited Strategy contracts and replaced them with malicious ‘Evil Strategy’ contracts that allowed them to steal users funds,” Solidity Finance told CoinDesk in a Telegram message, adding: “They did this through a public, though clearly unmonitored, 24-hour timelock.