- The Optimism Foundation has revealed that it lost 20 million OP tokens in an incident involving market maker Wintermute.
- Wintermute mistakenly provided Optimism with a multi-signature Ethereum address that it had not yet deployed on the Layer 2 network.
- Due to the mistake, a hacker was able to deploy the multi-signature Gnosis Safe wallet and take control of the funds before Wintermute’s recovery operation was finalized.
Share this article
Crypto market maker Wintermute has lost approximately $17.6 million worth of OP tokens belonging to the Optimism Foundation due to a serious wallet management error.
Hacker steals 20M OP tokens
The optimistic sentiment of Wintermute has resulted in a loss of $17.6 million.
Crypto market maker Wintermute has committed a serious wallet management error that resulted in the loss of 20 million OP tokens given to the firm to help provide liquidity on centralized exchanges. Whereas the damage was done four days ago on June 5 only. publicized By optimism on Wednesday.
Hello friends- In the interest of transparency, we would like to share some details about the current situation:https://t.co/915vIgRIJG
— optimism (✨🔴_🔴✨) (@optimismPBC) 8 June 2022
“Hey guys – in the interest of transparency, we would like to share some details about the ongoing situation,” the foundation behind the Ethereum Layer 2 scaling solution wrote on Twitter yesterday. It reported that, two weeks ago, it had awarded 20 million OP tokens to Wintermute for its liquidity provisioning services, in order to ensure a smooth experience for users looking to purchase tokens on centralized exchanges.
Despite performing two test transactions before sending the bulk of the tokens, Wintermute quickly discovered that they had mistakenly provided a multi-signature Ethereum address that had not yet been deployed on the Optimism network, meaning they were layer 2 But could not use the money. Despite confirming that they were submitted successfully. The mistake Wintermute made was optimistically assuming that control over a multi-signature wallet on the Ethereum mainnet would also mean control over funds received to the same wallet on other EVM compatible chains, as is usually the case with simple wallets. Happens in However, as the market maker explained late Wednesday message For the optimism community, this was not the case:
“We have deployed a Gnosis vault on the mainnet for some time and due to an internal mistake, we have communicated the wallet with the same address as the received one. As some of you may know, it is not a smart thing to do – Controlling the mainnet safe does not guarantee control over other EVM compatible chains (unlike ordinary wallets).
After consulting with the Optimism and Gnosis Safe teams, Wintermute realized that the funds could be retrieved, but again took the mistaken belief that they could only be retrieved by it. “Wintermute assessed that the funds were potentially recoverable, and that none other than Wintermute could recover those funds,” it wrote. “However, the notion that the money could be recovered only by Wintermute turned out to be false.”
Before Wintermute and Gnosis Safe could carry out the recovery operation scheduled for June 7, a hacker deployed a multi-signature Gnosis Safe wallet (a smart contract account) on the Layer 2 network and took control of 20 million OP tokens. Based on on-chain data, hacker So far one million tokens have been sold and Transfer One million more to Ethereum founder Vitalik Buterin.
Wintermute has since claimed full responsibility for the incident and has committed to buying OP tokens every time an attacker sells them in order to eventually refactor the protocol. It also noted that for providing liquidity provisioning services, it received another 20 million in OP tokens, secured by $50 million in USDC collateral. In a final attempt to recover the funds, Wintermute sent the following message to the attacker:
“You have a week to consider being WhiteHat. If the above doesn’t happen, we will refund all the money, track down the person(s) responsible for the exploitation, do a thorough docking and send them to the relevant judicial system.” 100% committed to deliver.
The OP governance token of optimism, broadcast to previous network participants on May 30, fell from around $1 to around $0.72 following the news. It is currently trading around $0.88, down 12% on the day.
Disclosure: At the time of writing, the author of this article owns ETH and several other cryptocurrencies.