Short
- Layer 2 scaling solutions provider failed to sync its optimism address with ethereum address prior to the massive transfer.
- The value of the stolen OP tokens was $35 million at the time of the hack, with 19 million tokens still missing.
Optimism can have good reason to be pessimistic.
The company behind the Ethereum scalping protocol announced today that in preparation for Launch a native OP token For the Optimism Collective DAO, it mistakenly sent 20 million tokens to the wrong blockchain address. The error resulted in the theft of all 20 million OP tokens by a hacker.
DAOs, or decentralized autonomous organizations, are blockchain-based collectives that vote on decisions, often via a native token. Optimism created OP as the governance token for its DAO, and hired market maker Wintermute to distribute 20 million OP tokens in an airdrop to Optimism Collective stakeholders in order to continue its launch.
Optimism sent Wintermute two test transactions last week before sending over 20 million OP tokens, both of which were confirmed by Wintermute. Optimism then sent the tokens, only to find Wintermute they were now inaccessible.
How? Optimism is a layer-2 scaling solution built on top of the Ethereum network. Second layer solutions allow faster transactions as they bypass the often congested Ethereum network. But such a feature also brings more risk.
In the case of the Optimism transaction, 20 million tokens were sent to Wintermute’s Ethereum (L1) address, but because that address had not yet been deployed or synced to an Optimism (L2) address, the funds were left floating, inaccessible. was given, at L1.
When it was discovered on 30 May, Wintermute took full responsibility. Wintermute employees also told the Optimism Foundation that the funds were potentially recoverable through a high-risk, one-time operation. He also emphasized that funds, even if inaccessible, are still secure: no outsider can access them.
The claim turned out to be false.
Within 24 hours after Wintermute aired its discovery on optimism, an unidentified hacker confiscated all 20 million OP tokens from an Ethereum address. On June 1, the date of the hack, the value of the haul was just over $35 million.
The hackers then sold one million OP tokens for ETH, and retained another 19 million. Then they fell silent, and since then there has been no trace of them.
As part of accepting responsibility, Wintermute has committed to buy back all tokens sold by the hackers. Wintermute has already bought back one million OP tokens sold last week.
optimism says That so far, the stolen tokens have not been used to influence the governance of their DAO, but they are monitoring the situation.
Both Optimism and Wintermute made several attempts to contact the hacker, but to no avail. Both companies partly went public today with details of the attack in hopes of getting hackers’ attention. one in blog post this afternoonWintermute appeals directly to the mysterious outlaws, appreciating his sophistication and offering him potential employment.
“The manner in which the attack has been conducted is impressive and we may also consider opportunities for consultations or other forms of collaboration in the future,” Wintermute wrote.
However, the sweet overture came with a sour pill: If the remaining 19 million OP tokens are not returned within a week, the company claims it will replace evidence of the hacker’s identity – thus far unknown – for law enforcement.
“You have a week to consider being a whitehat,” warns Wintermute.
What evidence do companies have, and what incentives to give to hackers, are open questions. In the meantime, it seems that the situation has given rise to a generally cheerful mood of optimism and . has taken a toll on public mind reputation.
“Consider your options,” Wintermute said in her blog post on Hacker, “and choose to be nice and optimistic rather than live in fear.”
Want to become a crypto expert? Get the best of Decrypt straight to your inbox.
Receive the biggest crypto news + weekly roundups and more!