COMP, the native token of lending protocol Compound, has lost over 6% of its value due to a possible “governance attack” on the Decentralized Autonomous Organization (DAO) that governs the protocol.
A governance attack occurs when an attacker uses the permissionless and tradable nature of governance tokens to gain significant voting power in the DAO in order to manipulate the protocol for personal gain.
According to posts on Compound’s forums, the governance attack involves a series of coordinated efforts led by a whale named Humpy to manipulate the platform’s decision-making process through COMP token delegations. Humpy is attempting to allocate $24 million worth of COMP tokens to a yield-bearing protocol called goldCOMP, run by a group called the Golden Boys. The group has made multiple attempts, and is succeeding in its latest attempt.
The group began the attacks in early May with Proposal 118, which proposed transferring 5% of the COMP treasury to a multi-sig wallet controlled by the Golden Boys. This proposal was not approved due to community members noticing suspicious conditions.
The second proposal, prepared with a similar approach, was Proposal 247. This proposal envisaged depositing 5% of COMP tokens into a goldCOMP vault that would provide passive income to COMP holders. However, this proposal also failed to reach the required majority and was rejected.
Finally, the group tried once more with Proposition 289, which passed.
While some have suggested that Humpy and the Golden Boys are trying to “steal funds,” Humpy has disputed these claims, saying that the GoldCOMP fund uses a “structure that does not allow for theft/diversion of funds.”
Proposition 290, which is expected to be voted on soon and would transfer the Timelock Admin smart contract, could prevent future governance attacks, but it is unclear whether it will prevent the Golden Boys from moving the COMP tokens they are after.