Bitcoin and Ethereum have both been dominating the cryptocurrency and blockchain industry over the past weeks. There has been speculation about institutional clients oversubscribing to the Grayscale Bitcoin fund, PayPal recently rolled out its Bitcoin services, and Bitcoin now forms a major part of MicroStrategy's asset base.
The enthusiasm and excitement around Ethereum 2.0 saw the price of ETH spike to $635 on December 1, reaching a new all-time high since 2018. While Bitcoin and Ethereum have both dominated the blockchain industry, rug pulls on Uniswap have continued unabated. Rogue DeFi developers and teams have continued to rob DeFi users.
The 1st of December 2020 remains the day DeFi users witnessed the highest amount ever stolen through a rug pull. This particular rug pull holds the record as the biggest ever perpetrated on Uniswap. Let's take a look at it.
Compounder Finance (CP3R)
This is a decentralized finance (DeFi) project rolled out by anonymous developers. With the little information I could gather from the website, Compounder Finance is a yield farming project, where users deposit into different pools to earn yield via a yield farming protocol mechanism. The native token of the ecosystem is CP3R.
The catch is that, using CP3R, the yields were boosted above competitors' rates, making it very attractive for the average crypto speculator who wants to make bank in 24 hours. Considering the moon boy mindset in the DeFi space, people didn't mind locking in huge funds despite the project being new and the developer(s) anonymous. Now I believe the saying “easy come easy go”.
How did Compounder Finance pull the rug?
As with all Uniswap rug pulls, the first few hours and days are always smooth, with those farming earning dividends on their deposits, the developer available in the Telegram chat, speculators shilling and traders making bank.
Ethereum address of the scammer: https://etherscan.io/address/0x079667f4f7a0b440ad35ebd780efd216751f0758
The developer initiated his rug by deploying new yield farming strategies via the timelock function. Users saw nothing malicious about the new deployments, so they left their deposited funds in the DeFi protocol pools. But the new strategies contained a malicious function that allowed the developer to manipulate the pool and withdraw the deposited funds to his own ETH address. Every new day rogue DeFi developers are discovering new scam moves lol.
https://t.co/q0NJ0n40Fd $CP3R Post mortem
They had function that allowed them to withdraw any number of tokens staked in the contract.
strategist was of course deployer address -> 0x079667f4f7a0b440ad35ebd780efd216751f0758 https://t.co/dlJwTHqxon #CryptoRedFlag pic.twitter.com/aPwvpKz0if
— Víðarr the Auditor (tweets ≠ investment advice) (@VidarTheAuditor) December 1, 2020
Through this malicious function, the Compounder Finance developer was able to transfer over $12 million of funds deposited in the pool by users to his own ETH address. The majority of the stolen funds were in Wrapped Ethereum (WETH), stablecoins, YFI and UNI.
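As an added example (not from the original post, and not Compounder Finance's contract code), the sketch below shows one way to review a strategy queued behind a timelock before it goes live: it flags functions that transfer a caller-chosen token with no check excluding the staked asset. The Solidity fragment, the names rescueGuarded, rescueAny and want, and the regex heuristic are all assumptions made for illustration.

```python
import re

# Constructed Solidity fragment (NOT the Compounder Finance source): two
# strategist-only token sweeps, one guarded against the staked asset, one not.
SAMPLE = """
contract StrategyExample {
    address public want;        // the token users stake
    address public strategist;

    function rescueGuarded(address _token, uint256 _amount) external {
        require(msg.sender == strategist, "!strategist");
        require(_token != want, "want");
        IERC20(_token).safeTransfer(strategist, _amount);
    }

    function rescueAny(address _token, uint256 _amount) external {
        require(msg.sender == strategist, "!strategist");
        IERC20(_token).safeTransfer(strategist, _amount);
    }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{")

def function_bodies(source):
    """Yield (name, params, body) per function, matching braces by depth."""
    for m in FUNC.finditer(source):
        depth, i = 1, m.end()
        while depth and i < len(source):
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(2), source[m.end():i - 1]

def unguarded_sweeps(source, staked="want"):
    """Names of functions that transfer a caller-chosen token without a
    require() excluding the staked asset, i.e. able to move user deposits."""
    flagged = []
    for name, params, body in function_bodies(source):
        for p in re.findall(r"(?:address|IERC20)\s+(\w+)", params):
            moves = re.search(rf"\b{p}\)?\s*\.\s*(?:safeT|t)ransfer\s*\(", body)
            guard = re.search(rf"require\s*\([^;]*\b{p}\b[^;]*!=[^;]*\b{staked}\b"
                              rf"|require\s*\([^;]*\b{staked}\b[^;]*!=[^;]*\b{p}\b", body)
            if moves and not guard:
                flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(unguarded_sweeps(SAMPLE))
```

A hit is a prompt for manual review of the queued contract during the timelock delay, not proof of malice; a clean result does not rule out other withdrawal paths.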
According to a tweet, DefiYield.info claims to have lost approximately $1 million to the CP3R rug pull. A look at the Compounder Finance Telegram group showed messages from users of the protocol talking about their losses. These losses are in the thousands of dollars. The developer, Shammy, deleted his Telegram account immediately after draining the pool and is probably at a beach in the Maldives enjoying the stolen funds.
Decentralized finance protocols aim to provide a suite of financial products that are not controlled by any central authority, but the risks associated with products like these outweigh the advantages they have over centralized finance products. Anonymous developers/teams and code exploitation are the biggest risks involved with DeFi protocols.
I would recommend that DeFi users remain with established protocols, brands and faces in the DeFi space like Andre Cronje, YFI, Compound, Keep3r, Binance Smart Chain, Cover, Aave, etc. If you invest in a new project with an anonymous team like Compounder Finance, then you are just gambling due to greed, and whatever the outcome is you should hold yourself liable for your actions. Rug pulls by rogue developer(s) like that of Compounder Finance generate negative publicity for decentralized finance (DeFi).
Now is the time to change the narrative and negative publicity associated with decentralized finance due to rug pulls, code exploits and rogue developers by sticking with established protocols, brands and faces in the DeFi space that have been tested over time and can now be trusted.