Skip to main content
Sign in
Compounder Finance1 decision on this page

Audit log

Every state-changing event for Compounder Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-25 17:34:24Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,113,828
    sig
    4jXPLmrjD1ya…5wDfkhndexplorer ↗
    hash
    FP9jCKcrv7dJ…Zh8EG6zcsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6148 B) ▸
    {"actor":"system:backfill","investigation_id":"312d7168-4587-4013-b950-2b2717d3aa4a","kind":"publish","page_slug":"compounder-finance","published_at":"2026-05-25T17:34:24.060Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Compounder Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x7ef1081ecc8b5b5b130656a41d4ce4f89dbbcc8c","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/this-defi-app-based-on-ethereum-just-stole-12-million-from-its-users/","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://chainbulletin.com/compounder-finance-developers-allegedly-involved-in-10-8-million-rug-pull-scheme","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/this-defi-app-based-on-ethereum-just-stole-12-million-from-its-users/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""}]}],"sources_used":[],"summary":"Compounder Finance was an Ethereum-based DeFi yield aggregator that launched in November 2020 and executed a deliberate rug pull approximately 22 days later, stealing between $10.8 million and $12.5 million from investors. Anonymous developers embedded hidden 'Evil Strategy' smart contracts behind a publicly visible but unmonitored 24-hour timelock, then drained all user funds and deleted the project's website and social media accounts. No funds were recovered and the perpetrators have never been publicly identified.","timeline":[{"date":"2020-11-08","event":"Compounder Finance smart contract deployed on Ethereum (CP3R token contract: 0x7ef1081ecc8b5b5b130656a41d4ce4f89dbbcc8c).","source":""},{"date":"2020-11-19","event":"Solidity Finance releases audit report, flagging centralized developer control over strategy pools via a 24-hour timelock but concluding the protocol is safe from external attacks.","source":""},{"date":"2020-11-19","event":"In the weeks following the audit, developers begin deploying malicious 'Evil Strategy' contracts through the publicly visible but unmonitored timelock.","source":""},{"date":"2020-12-01","event":"Developers execute the rug pull, calling inCaseStrategyTokenGetStuck() across seven malicious strategy contracts and draining all user funds. Website, Twitter, Medium, and Discord are deleted.","source":""},{"date":"2020-12-02","event":"CoinDesk reports $10.8 million stolen; Compound Finance founder Robert Leshner publicly condemns the scheme and confirms no affiliation.","source":""},{"date":"2020-12-02","event":"CP3R token collapses approximately 98.8% in 24 hours, trading at $0.24.","source":""},{"date":"2020-12-03","event":"Decrypt reports Solidity Finance received death threats within 36 hours of the rug pull. DeFiYield.info — which claims $1 million in losses — announces a $50,000 bounty for information leading to fund recovery and organizes a Telegram victim group.","source":""},{"date":"2020-12-03","event":"Solidity Finance publicly acknowledges it should have been clearer about the implications of developer-controlled admin keys and commits to more robust future disclosures.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision e773ee2c-952e-4cf8-a827-aa4973a1cb5d
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.