back to article One-character bug gives away $90m in COMP tokens – recipients can keep 10% or consider themselves doxxed

Robert Leshner, founder of decentralized finance biz Compound Labs, has asked for the return of roughly $90m worth of COMP tokens after a smart contract bug distributed more of the cryptocurrency than it should have. COMP tokens get distributed on a daily basis to users of the Compound protocol. They grant holders a say in the …

  1. The Man Who Fell To Earth Silver badge
    FAIL

    Are the tokens convertible to cash somehow?

    If so, the IRS threat is truly stupid. So suppose a person got $10M from YOUR screwup. And your threat is that they'll have to pay about $2.5M in taxes? Sign me up!

    1. ShadowSystems

      Re: Are the tokens convertible to cash somehow?

      ^^^This. By all the unholiest of Cthulhu's mom's naked selfies on her Instagram, a thousand times this. I wish I dealt in such craptocurrencies so I, too, could collect a fat sack of cash & be forced to pay the taxes on a monster windfall. What a doofus!

      1. Jonathon Green

        Re: Are the tokens convertible to cash somehow?

        I’m not actually familiar with the business and it’s terms of service, but us it possible that some of the recipients aren’t based in the USA, aren’t subject to taxation there, and hence aren’t terribly worried about the IRS anyway? :-)

        1. The Boojum

          Re: Are the tokens convertible to cash somehow?

          Why should being resident outside the US make you safe from the IRS? They seem to regard themselves as the world's tax authority.

          1. DS999 Silver badge

            Re: Are the tokens convertible to cash somehow?

            Worse they could do for a non US resident/citizen who isn't subject to taxes is require the company to withhold taxes (assuming this is a US company)

            If that happened, those people could get them back - they might have to hire an account to file a US tax return for them to claim the amount as a refund.

            I had to do that when I consulted in Canada one year, though as it turns out it would have been cheaper if I'd let them keep it and claim that as a foreign tax credit on my US tax return.

            1. Roland6 Silver badge

              Re: Are the tokens convertible to cash somehow?

              >Worse they could do for a non US resident/citizen who isn't subject to taxes is

              Extradition and charged with wire fraud...

          2. A.P. Veening Silver badge

            Re: Are the tokens convertible to cash somehow?

            Because just about everybody who is neither an American citizen, a Green Card holder nor otherwise resident in the USA can give them the finger with impunity, by last count that is still about six billion. And the Infernal Revenue Service is well aware of its limits is there are already repercussions about taxing "accidental Americans".

        2. Ignazio

          Re: Are the tokens convertible to cash somehow?

          The threat is based on the fact that the three quarters of coiners that aren't scammers are scared sh*tless of big government knowing their names and stuff. This despite the fact government already knows all that. They were busy the day the wit sharpener was in town.

    2. Anonymous Coward
      Anonymous Coward

      Re: Are the tokens convertible to cash somehow?

      ... because it's still considered theft.

      You see what happens if a bank accidentally credits your account, and you withdraw it and refuse to return it...

      https://www.money.co.uk/guides/can-you-keep-money-accidentally-paid-into-your-bank-account.htm

      Similar stories exist in Russia, New Zealand, USA, India etc...

      1. Ian 55

        Re: Are the tokens convertible to cash somehow?

        Yeah, but this wasn't accidental, was it?

        "Do you want us to implement this code, dear users?" "Yes." "Oops, we got the code wrong." "So what?"

        The only thing that will stop cryptocurrencies being never-ending ROFL for no-coiners is that they're a crime against humanity and hastening its extinction via climate change.

        1. Mongrel

          Re: Are the tokens convertible to cash somehow?

          And we're forever being told that crypto doesn't run under the same regulations as the rest of the financial world and that it's a good thing...

          1. Ian 55

            Re: Are the tokens convertible to cash somehow?

            “Crying to meatspace courts deeply undermines the 'code is law' principles that DeFi was founded on. This is a slippery slope that ends with the end of DeFi." - the founder of Compound in June.

            If you say "code is law", don't come crying when you get one character wrong three months later.

      2. ecofeco Silver badge

        Re: Are the tokens convertible to cash somehow?

        Except they aren't banks. Or anything else that is regulated.

        Oops.

      3. Anonymous Coward
        Anonymous Coward

        Re: Are the tokens convertible to cash somehow?

        Even if this were theft (and that's not clear at all), the IRS doesn't care in the slightest. In fact, the law is clear that taxable income generally includes income from illegal activities; failing to declare that income and pay tax on it if owed is an additional crime atop whatever crimes were involved in the income production itself. Unlike those original crimes, the IRS *does* care, very much, about the additional crime of income tax evasion. I wouldn't worry at all about this jackass telling the IRS I made a big pile of money; I would be very concerned about the IRS (regardless) if I owed tax on it and failed to pay it.

        Threatening to publish people's personal information, if that is not already in the public domain, is most likely extortion. That too is true even if keeping the coins is theft: you can't threaten to kill someone who stole from you unless they give back what they stole, nor can you threaten to do anything else to harm them that you couldn't already do legally.

        So the right response here is "go ahead, make my day". As the recipient of these coins, you liquidate them and declare the proceeds as income and pay tax on it in your jurisdicion. And then you press charges against Leshner for extortion (and if he makes good on the threat, for whatever crime doxxing constitutes in your jurisdiction). With all that cash in hand, I expect you'll have no trouble changing your telephone number, address, etc. if it's a real problem.

    3. DrXym

      Re: Are the tokens convertible to cash somehow?

      Perhaps he's hoping that some of his customers are libertarians who've been dodging taxes for years and might respond to such a threat. If the IRS did come calling then the audit would be delivered in the form of a suppository.

      1. Anonymous Coward
        Anonymous Coward

        Re: Are the tokens convertible to cash somehow?

        Regardless of one's political ideology, if one's been dodging taxes for years, the best thing to do upon receipt of a giant windfall would be to report it and pay the tax owed. Otherwise you're only digging a deeper hole. The fact that the IRS knows about this particular windfall doesn't change anything, though as other posters have mentioned it just makes the obviously correct move even more obvious. And if you happen to owe back taxes for some reason, it would seem that the sudden appearance of a giant sack of cash -- somewhat less giant after paying the tax on it but still quite substantial -- would make for a good opportunity to contact your lawyer and approach the Beast about a settlement you can now afford. Guh.

  2. Sorry that handle is already taken. Silver badge

    Ahahahaha...

    Crypto rhymes with shitshow

    1. ecofeco Silver badge

      Re: Ahahahaha...

      Mere coincidence! *snerk*

  3. Doctor Syntax Silver badge

    "In the Compound forum, developers discussing the incident believe it would be a good idea to commit to rigorous testing and auditing prior to major code changes."

    Rigorous testing and auditing! What is the world coming to?

    1. Anonymous Coward
      Anonymous Coward

      @Doctor Syntax - Developers.

      Rigorous testing. Auditing code. Naah! You almost fooled me for a moment.

    2. Paul Herber Silver badge

      Rigorous testing and auditing. This was mentioned elsewhere on El Reg. I shall have to find out more ... sorry, no budget for that.

    3. Jimmy2Cows Silver badge

      Re: Rigorous testing and auditing! What is the world coming to?

      Don't worry. It'll never catch on.

  4. jimmy-o

    80 million dollars could have bought a lot of testing, but no amount of testing is going to hit every edge case. I think adding an escrow step before letting the funds clear is probably a good idea, for any time an algorithm is automatically handing out loads of cash. Plus some run-time sanity checks, to make sure that final values are within the right orders of magnitude.

    1. katrinab Silver badge
      Paris Hilton

      Sure, but that is the sort of thing the custodian trustee does, and "smart" contracts are supposed to do away with them.

    2. Loyal Commenter Silver badge

      80 million dollars could have bought a lot of testing, but no amount of testing is going to hit every edge case.

      Some sensible unit tests might have caught this though. For example, ones looking for fencepost errors in iterations, and testing with limit values (such as zero) are commonplace, and would almost certainly have picked it up. It's not like using the wrong comparison operator is an unheard-of mistake.

      Of course, this implies that the developers would know how to write code that is unit-testable, and know what a unit test is. I would imagine the sort of changes that get put into crypto protocol updates are discrete and testable though.

  5. Anonymous Coward
    Anonymous Coward

    It's a smart contract is it not?

    A contract with a loop hole, that loop hole was unintended, but was in the contract and agreed upon by deploying it. So are the saying because its code, if there are loop holes, which they are defining as bugs, they can say it wasn't wanted? But in the real world you could execute that loop hole, as you agreed to said contact. You could take them to court over it, but it's in the agreed contract.

    Or are they saying their contracts are not legally binding and there is nothing to stop them just changing things and ripping you of if they wish?

    1. Rol

      In English law, a contract needs to show consideration from both parties. A contract that gives one party everything while they give nothing back in return, would be deemed invalid, and if challenged in court would result in the court returning both parties to the state they were in before the contract and therefore all monies returned.

      So...if someone were to, let's say, bung a load of money into your bank account by accident. They could ask you nicely to return it to them, or if you got a little stupid and tried to keep hold of it, take you to court and get it back. If you went total chav about it and spent the lot of it on shiny things, then the courts are likely as not to bang you away in prison for a while.

      1. Rol

        As the jurisdiction is likely America in this case, I assume the legality of the situation is in favour of whomever has the most money.

        Which is fairer than the British system, whereby the legality of many situations are primarily determined by which school you went to, and the social circles you travel in.

      2. Ian 55

        The consideration was given when they joined the scheme. In exchange, they were offered the chance to be rich via having a say in what the scheme did.

        At least some of them have now achieved that :)

        They didn't write the crap code they were offered, they just said yes to it being implemented.

      3. Anonymous Coward
        Anonymous Coward

        > In English law, a contract needs to show consideration from both parties. [...]

        > So...if someone were to, let's say, bung a load of money into your bank account by accident.

        I don't see the connection. If someone bungs a load of money into your bank account by accident, that's nothing to do with a contract - at least, not one that you were party to.

  6. sreynolds

    Was there really an error?

    Surely their lawyers checked the contract beforehand. Perhaps they are negligent. Anyhow, don't the courts normally settle against those putting forward I didn't mean that argument?

  7. Anonymous Coward
    Anonymous Coward

    Do the IRS recognise gaming / gambling tokens intended for use only in a specific system as income?

    Does the law recognise crypto as property? If so does it value it at the “market rate” or the real worth of fuck all?

    1. Anonymous Coward
      Anonymous Coward

      What's the (financial) value of anything, if not the "market rate"?

      1. Anonymous Coward
        Anonymous Coward

        The financial value of any asset is defined as the present value of all future income it distributes to its owner. In most cases that's not known with certainty, but an upper bound is often known. That's the case with debt securities, and also with assets that cannot generate income. The latter would include these coins, so they have no financial value. They may have value to speculators, as ordinary goods, as pieces of art, as collectors' items, etc., but that's not financial value.

    2. Loyal Commenter Silver badge

      The law, in most places, recognises income from selling such crypto tokens for fiat currency, as capital gains, and taxes those accordingly.

      My guess is that the main impact of this will be to nail the real-money value of these tokens to the floor, as the "supply" has suddenly been inflated.

  8. Irongut

    > Otherwise, it's being reported as income to the IRS, and most of you are doxxed.

    Wow.

    > it would be a good idea to commit to rigorous testing and auditing prior to major code changes

    Double wow.

    This idiot shouldn't be in charge of a tuck shop let alone a currency or contracts. Between the scammers, the criminals and the just plain stupid is there anything redeemable about crypto?

    1. ecofeco Silver badge

      Not really, no. Just pump and dumpers trying to get everyone else in on the scam.

      I mean, investing in an unregulated thing and doing it by turning your real money into funny money to do so, can't possibly have a downside, can it? /s

      No wait... /hs.

  9. Anonymous Coward
    Anonymous Coward

    That sounds like a documented attempt of blackmail. When can Robert Leshner expect a visit from the FBI?

    1. ecofeco Silver badge

      It does, doesn't it.

  10. TeeCee Gold badge
    Facepalm

    At the current COMP token value.... that's more than 90m US dollars.

    And at tomorrow's value, the square root of fuck all.

    Funny what mahoosive oversupply does...

  11. Winkypop Silver badge
    FAIL

    Yeah I’d return it but

    My dog ate them

    Sorry

  12. ecofeco Silver badge

    Why it's almost like...

    It's almost like they need some kind of process and guidelines and oversight.

    There's a word for that. Sounds like egg-something-relations, something, something.

    1. Not Yb Bronze badge

      Re: Why it's almost like...

      Regulations for COMP were apparently "if proposed change voted for by enough COMP token holders, change occurs." Hazards of pure capitalistic democracy, etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like