Compounder Finance

2020-11-08

Compounder Finance smart contract deployed on Ethereum (CP3R token contract: 0x7ef1081ecc8b5b5b130656a41d4ce4f89dbbcc8c).

2020-11-19

Solidity Finance releases audit report, flagging centralized developer control over strategy pools via a 24-hour timelock but concluding the protocol is safe from external attacks.

2020-11-19

In the weeks following the audit, developers begin deploying malicious 'Evil Strategy' contracts through the publicly visible but unmonitored timelock.

2020-12-01

Developers execute the rug pull, calling inCaseStrategyTokenGetStuck() across seven malicious strategy contracts and draining all user funds. Website, Twitter, Medium, and Discord are deleted.

2020-12-02

CoinDesk reports $10.8 million stolen; Compound Finance founder Robert Leshner publicly condemns the scheme and confirms no affiliation.

2020-12-02

CP3R token collapses approximately 98.8% in 24 hours, trading at $0.24.

2020-12-03

Decrypt reports Solidity Finance received death threats within 36 hours of the rug pull. DeFiYield.info — which claims $1 million in losses — announces a $50,000 bounty for information leading to fund recovery and organizes a Telegram victim group.

2020-12-03

Solidity Finance publicly acknowledges it should have been clearer about the implications of developer-controlled admin keys and commits to more robust future disclosures.