Hello,
I wrote about governance in ‘How to take over a DAO’ last year. This week, I have another opportunity to share my governance ramblings with you. This is the story of how a whale investor (or a group) forced the Compound DAO to make their governance token yield-bearing. On to the article now.
In the 1940s, Scottish philosopher Thomas Carlyle proposed the Great Man Theory, which posited that history is largely shaped by the impact of highly influential individuals. This is somewhat relevant in modern times when figures like Steve Jobs, Elon Musk, and Jeff Bezos have had outsized impacts on industries and, by extension, people's lives.
While this theory has been criticised for oversimplifying complex processes, the concept of individual influence remains potent—even in systems designed to be decentralised. In crypto, we often witness single actors wielding disproportionate power by using the levers of so-called decentralised governance.
Historically, influential individuals have found ways to bend corporations to their will. The 1980s saw the rise of leveraged buyouts (LBOs) in which firms like KKR (Kohlberg Kravis Roberts) used debt to acquire and restructure companies, often yielding substantial profits. This era of corporate raiders demonstrated how concentrated financial power could reshape entire industries.
Today, a similar dynamic is unfolding in the crypto space. Instead of traditional corporations, we're seeing the influence of 'whales'—individuals or entities holding large amounts of tokens—on decentralised autonomous organisations (DAOs). These digital entities, designed to operate without centralised control, are susceptible to major stakeholders' outsized influence.
A recent incident involving Compound Finance illustrates this phenomenon. A group of investors going by Goldenboys or Humpy on X managed to leverage substantial holdings (or rally support from other token holders) to force a significant change in the protocol's governance structure, compelling the DAO to share 30% of its revenue with COMP token holders.
What happened?
Compound Proposal #247
In early 2024, the Goldenboys group introduced Compound Proposal #247, which suggested the bold strategy of investing 92,000 COMP tokens (5% of the treasury's non-interest-bearing holdings) into the group's goldCOMP DeFi vault for one year. The plan to generate yield was straightforward:
Compound DAO would exchange COMP for goldCOMP tokens.
Goldenboys would create a 99% goldCOMP/1% WETH Balancer pool.
Monthly yields, converted to COMP, would be shared with Compound DAO.
After a year, Goldenboys would return the original 92,000 COMP.
The community, however, rejected the proposal. Out of 8.36 million circulating COMP tokens, only about 10% participated in the vote, with 710K against and 96K for.
Undeterred, Goldenboys refined their approach. Proposal #279 introduced a 'Trust Setup,' essentially a lock box with strict rules. While Goldenboys held the key, Compound's governance would dictate how and when it could be used. Despite these security enhancements, this proposal also failed, with 578.6K (~5.8%) votes against and 118.5K (~1.2%) for the proposal.
On July 24, Goldenboys unveiled Proposal #289. It improved upon the previous version by controlling where Goldenboys could withdraw assets to: Goldenboys could only send rewards to a hardcoded comptroller address controlled by Compound DAO. Surprisingly, the ask was for 499,000 COMP tokens instead of the original 92,000. The voting period saw a dramatic twist: with just hours remaining, the 'against' votes led by over 200K. However, a last-minute surge of 'for' votes tipped the scales.
The proposal passed with 683K for and 633K against. Interestingly, only 57 out of 219K token holders participated.
The following Tally snapshot shows the voting timeline. It does not capture the last-minute surge in votes for the proposal.
Resolution and Aftermath
Following private negotiations, Compound DAO and Humpy (aka Goldenboys) reached an agreement. Proposal #289 was cancelled on July 30 and replaced by a new 'Staked Compound Product' proposal. This compromise allocates 30% of current and net new market reserves to staked COMP holders.
In 0xMaki's words, this was not Humpy's first rodeo. This incident echoes a similar situation with Balancer in December 2022, where Humpy's actions led to a truce with the DAO. This Rekt article is a good resource if you want to read more about the drama.
The DeFi community reacted to this incident with mixed opinions. Aave's Marc Zeller mentioned how their community guardian would have vetoed the proposal. Curve's Michael Egorov talked about how Curve implements time decay so that last-minute manipulations are unlikely. It is easy to put others down. The fact is that Aave, Curve, or any other DeFi protocol is not immune to governance attacks or manipulations.
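As an added illustration (not part of the original article, and not Curve's or Compound's code), the sketch below tallies a constructed vote timeline that matches Proposal #289's final totals, first with flat token weighting and then with an assumed linear time decay, and flags an outcome that flips in the final hours. The 72-hour window, the decay starting at the halfway point and the individual vote timings are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vote:
    hour: float     # hours since voting opened
    support: bool   # True = for, False = against
    weight: float   # voting power, in thousands of COMP

def decay_factor(hour, period, decay_start):
    """1.0 until decay_start, then linear down to 0.0 at the end of the period."""
    if not 0 <= hour <= period:
        raise ValueError("vote cast outside the voting window")
    if hour <= decay_start:
        return 1.0
    return (period - hour) / (period - decay_start)

def tally(votes, period, decay_start=None):
    """Return (for, against); decay_start=None is flat token-weighted voting."""
    start = period if decay_start is None else decay_start
    totals = {True: 0.0, False: 0.0}
    for v in votes:
        totals[v.support] += v.weight * decay_factor(v.hour, period, start)
    return totals[True], totals[False]

def flipped_in_window(votes, period, window):
    """Monitoring check: did the flat-weight result change in the last `window` hours?"""
    early = [v for v in votes if v.hour <= period - window]
    f0, a0 = tally(early, period)
    f1, a1 = tally(votes, period)
    return (f0 > a0) != (f1 > a1)

PERIOD = 72  # assumed voting window in hours (not stated in the article)
# Constructed timeline; only the totals (683K for, 633K against) and the
# >200K 'against' lead before the final surge come from the article.
VOTES = [
    Vote(6, False, 400.0), Vote(20, True, 250.0), Vote(30, False, 233.0),
    Vote(40, True, 150.0), Vote(69, True, 283.0),  # last-minute surge
]

if __name__ == "__main__":
    print("flat:     ", tally(VOTES, PERIOD))
    print("decayed:  ", tally(VOTES, PERIOD, decay_start=PERIOD / 2))
    print("late flip:", flipped_in_window(VOTES, PERIOD, window=6))
```

With these assumed timings the proposal passes under flat weighting but fails once late votes are discounted, and the late-flip check is the kind of signal a delegate or guardian could alert on before the vote closes.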
This resolution was important because, with 499K tokens on top of the 683K, Goldenboys would control over 1.1 million COMP tokens for governance. a16z, the current largest delegate, has 260K votes. With the proposal implemented, Goldenboys would have controlled over 12% of the circulating supply. Going by the trends so far, where often less than 1 million tokens vote on proposals, Goldenboys could effectively hijack Compound governance. In this scenario, they could virtually control all aspects of the protocol, like rates, collateral requirements, and which assets qualify as collateral. Any one party wielding this kind of control can be detrimental to the protocol.
In this case, the incentives of the so-called attacker and broader token holders aligned. Tomorrow, they may not.
Crusader or Tyrant?
Given that a single actor like Humpy could force significant changes, how decentralised is Compound's governance in practice? What does this reveal about the state of decentralisation in other DeFi protocols? How can protocols implement safeguards against governance attacks without centralising power or reducing the benefits of open participation? There are more questions than answers here.
Judging the person attacking the DAO requires you to choose between judging them on outcome or on actions. The outcome here is that, four years after launch, the COMP token will start to accrue value, thanks to Humpy. They used existing governance mechanisms to effect a change. Isn't that precisely what decentralised governance was designed for?
There's a camp that considers this a governance attack. How could Humpy accomplish it, though? The obvious answer is voter apathy in DeFi, which makes governance attacks easier to execute. Voter apathy is not unique to DeFi; it is ubiquitous. Even in developed traditional equity markets, only 29.6% of retail and ~80% of institutional shares are voted. Note that not all shares have voting rights, so the actual numbers may be lower.
But why do we assume that people should want to vote? The average person doesn't stand to gain anything from most governance proposals. On the contrary, they come with a cost of time, effort, and sometimes gas.
DeFi protocols have governance delegation mechanisms where token holders can transfer voting power. Despite delegation, voting participation often sits under 10%.
Founding Governance
Let's be real: Compound didn't wake up one day and decide to share 30% of its revenue with token holders out of the goodness of its heart. Nor did the regulatory landscape change in three days. It took Humpy, our modern-day corporate raider, to force its hand. This situation isn't just about Compound—it's a pattern we see across DeFi. Uniswap and company have also faced similar pressures.
The first question for founders is: Do you even need to decentralise? Why do you want to give up control? Pump.fun has accumulated $80 million in revenue since March 2024 without a token. It took over four years and some strong-arming for the COMP token to do what it should have done from the beginning. Years after the token debut, the Uniswap fee switch can't be flipped because some of the largest token delegates don't want it to be.
Currently, the desire to slap on a token forces the need for decentralisation, whereas it should be the opposite. I get that tokens are a funding vehicle, and they shorten working capital cycles for investors. Shorter cycles allow more ideas to be funded. Perhaps there could be different classes of tokens where some have voting rights, just like shares of public equities.
As DeFi matures, it must grapple with these governance challenges. The ideal of pure decentralisation may be elusive, but governance models can improve by learning from incidents like the Compound case.
Ultimately, the goal should be to create systems resilient to manipulation, responsive to genuine community needs, and capable of evolving without crises. This goal requires a delicate balance among individual agency, collective decision-making, and automated governance mechanisms.
For founders, the message is clear: governance is not an afterthought but a core component of protocol design. It requires as much innovation and careful consideration as the technical aspects of your project.
As I've watched this drama unfold, I can't help but feel a mix of concern and excitement. Concern because it exposes how vulnerable our 'decentralised' systems can be, and excitement because it shows that protocols don't always have the last word. The community can genuinely wield power.
To the founders wrestling with governance design, I say this: you're not just building a protocol; you're creating a living, breathing ecosystem. Here's what I believe you need to consider:
Embrace the whales, but don't let them run the show. Large token holders can drive innovation but also hold your protocol hostage. Can you design governance systems that give voice to the little guys, too? Can you use quadratic voting or time-locked tokens to balance influence?
Make governance engaging, not a chore. Most token holders don't vote because, frankly, it's boring and often feels pointless. How about gamifying governance? Or offering real, tangible rewards for consistent participation?
Governance models should be like protocols' immune system—constantly adapting. What if someone like Humpy comes for your protocol? Build circuit breakers if you must. Have training wheels. The future of DeFi governance isn't about creating perfect, unchanging systems. It's about building adaptive, resilient protocols that can withstand challenges and emerge stronger.
As for me, I would rather not dwell too much on whether Humpy is a villain we got or a hero we deserve. What's clear is that as long as there are Humpys out there, they will try to exploit every governance loophole. The real test of decentralised governance is not the absence of influential individuals but the ability of the system to respond to such attacks.
Signing off,
Saurabh Deshpande