Compounder Finance Rug Pull
Compounder Finance team pushed a malicious strategy-contract upgrade that swapped pool logic for a drain function, rug-pulling $12M of user deposits.
- Date: December 1, 2020
- Victim: Compounder Finance users
- Chain(s)
- Status
- Funds Stolen: $12M
On December 1, 2020, Compounder Finance rug-pulled approximately $12 million. The team pushed a malicious upgrade to the strategy contracts, replacing legitimate pool logic with a drain function that emptied user deposits, then disappeared.
What happened
Compounder's strategy contracts were upgradeable by the team. After accumulating ~$12M, the operators upgraded the strategies to malicious implementations and withdrew all deposits — one of the earliest large-scale "upgrade-to-malicious-implementation" rugs.
Why it matters
Compounder Finance (Dec 2020) is an early, large progenitor of the upgrade-to-malicious rug that recurs throughout the catalogue (Swaprum, Kokomo, Wasabi). It established, in 2020, the user-side rule the catalogue keeps restating: team-controlled upgradeability is a standing rug option regardless of audits or current code. Five-plus years later the same structure, with the same pre-checkable red flag (who controls the upgrade key?), still works — because the incentive to skip timelocks/multisig for shipping speed never goes away, and users keep depositing without checking.
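One way to answer "who controls the upgrade key?" before depositing, shown as an added example that is not taken from Compounder's contracts or from the cited write-ups. The addresses, the control graph and the 2-signer / 48-hour policy are all assumptions made for illustration; the point is that a timelock administered by a single key is still a single key, only delayed.

```python
# Added example. Every address and the control graph are constructed sample
# data; the 2-signer / 48-hour policy is an assumed threshold, not a standard.
from dataclasses import dataclass

@dataclass
class Account:
    kind: str             # "eoa", "multisig", "timelock" or "renounced"
    controller: str = ""  # timelock only: address allowed to queue calls
    delay_s: int = 0      # timelock only: enforced delay in seconds
    threshold: int = 1    # multisig only: signatures required

def upgrade_authority(accounts, start):
    """Walk from the address allowed to swap the strategy to the keys that
    finally decide. Returns (kind, signers_required, total_delay_s)."""
    delay, seen, addr = 0, set(), start
    while True:
        if addr in seen:
            raise ValueError(f"control chain loops at {addr}")
        seen.add(addr)
        acct = accounts[addr]
        if acct.kind != "timelock":
            signers = 0 if acct.kind == "renounced" else acct.threshold
            return acct.kind, signers, delay
        delay += acct.delay_s      # delays of stacked timelocks add up
        addr = acct.controller

def red_flags(accounts, start, min_signers=2, min_delay_s=48 * 3600):
    kind, signers, delay = upgrade_authority(accounts, start)
    if kind == "renounced":        # nobody can upgrade: no standing option
        return []
    flags = []
    if signers < min_signers:
        flags.append(f"{kind} with {signers} signer(s) can change the strategy")
    if delay < min_delay_s:
        flags.append(f"only {delay // 3600}h between queueing and execution")
    return flags

SAMPLE = {  # constructed
    "0xTimelockA": Account("timelock", controller="0xDeployer", delay_s=24 * 3600),
    "0xDeployer": Account("eoa"),
    "0xTimelockB": Account("timelock", controller="0xSafe", delay_s=72 * 3600),
    "0xSafe": Account("multisig", threshold=3),
    "0xBurned": Account("renounced"),
}

if __name__ == "__main__":
    for setter in ("0xDeployer", "0xTimelockA", "0xTimelockB", "0xBurned"):
        print(setter, upgrade_authority(SAMPLE, setter), red_flags(SAMPLE, setter))
```

In practice the `Account` entries would be filled in from what a block explorer shows for the address that holds the strategy-setting right and for each address that controls it in turn.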
Sources & on-chain evidence
- [01] halborn.com: https://www.halborn.com/blog/post/explained-the-compounder-finance-rug-december-2020
- [02] rekt.news: https://rekt.news/compounder-finance-rekt