Compound sends $90 million to users by mistake, issues threat
Compound Labs, one of the first companies to adopt DeFi, has reportedly sent $90 million to its users from its internal system due to a bug in its contract which had recently undergone an upgrade.
This bug resulted in the contract issuing many more COMP tokens than it normally should have and it turned out to be a bug bounty for the users who woke to several million dollars in their account, a total of which accounted for $30 million. The company does not collect the user info and with the transactions being done on the blockchain, where apart from the public address, nothing else about the user is known and so it is going to be difficult for Compound to chase down those users and get its funds back.
This has led Robert Leshner, CEO of Compound, to offer a kind of deal to the users with him promising that those who returned the funds would be rewarded with 10% of the amount of funds returned by them. He also issued a threat saying that those who do not return the funds would be reported to the IRS and would be tracked down and made to pay. This veiled threat could be interpreted to mean that those who returned the funds need not report the funds to the IRS. With the company not collecting any user info, which is one of the primary drivers of the DeFi ecosystem, it is indeed baffling on how the company could say that it would be able to track down the users who received the funds by mistake.
The best that the company could do is to release the addresses of the users publicly so that the company and the blockchain community can track the fund movements and ensure that they would not be able to convert them into fiat at any major exchange and withdraw it as well. This would require the cooperation of the entire crypto community including the exchanges but this has been done before. It has been reported that a couple of users had indeed returned the funds amounting to $12 million but it remains to be seen what the other users, who received the funds by mistake, would choose to do as more and more details emerge about the fund leak in the protocol.