Optimism Foundation Sends 20M Tokens to the Wrong Wallet

Optimism Foundation confirmed that they sent 20M OP tokens to the wrong multi-sig wallet even after completing two test transactions.ย 

Optimism Foundation confirmed that they sent 20M OP tokens to the wrong multi-sig wallet even after completing two test transactions.ย 

The Optimism Foundation has issued a statement confirming that 20M OP tokens meant for liquidity provisioning partner Wintermute have been sent to the wrong address.

Sponsored

The exploit took place on May 26. However, the community was informed just recently. The price of OP tokens was affected harshly by the incident. It went down 31.2%, trading at $0.76 over the past 24 hours, according to CoinGecko.

The Event

In an official statement, the Optimism Foundation team explains that they engaged Wintermute for liquidity provisioning services in preparation for the OP token launch. A temporary grant of 20 million OP tokens was allocated to Wintermute from the Foundation’s Partner Fund to carry out this engagement. After sending two test transactions that Wintermute confirmed, the Optimism team sent the total amount of tokens.

Unfortunately, Wintermute later discovered they could not access these tokens because they had provided an address for an Ethereum (L1) multi-sig that they had not yet deployed to Optimism (L2). This technical oversight opened the contract to an attack, in which a bad actor took control of the contract on the L2 themselves.

When the problem became apparent, the Wintermute team “began a recovery operation intending to deploy the L1 multi-sig contract to the same address on L2.” Still, the attempts to fix the situation were too late.

“An attacker was able to deploy the multi-sig to L2 with different initialization parameters before the recovery operation was completed and took control of the 20 million OP tokens. This address has since sold 1 million tokens and can easily sell the rest.”

Optimism is known as a Layer 2 scaling solution for Ethereum that can support all of Ethereum’s dApps. Instead of running all computation and data on the Ethereum network, Optimism puts all transaction data on the chain. It runs computation off-chain, increasing Ethereum’s transactions per second and decreasing transaction fees. OP tokens are the native token for the Optimism blockchain.

Aftermath

In response to the Optimism community, Wintermute acknowledged making “a serious mistake” and took full responsibility for the exploit. The firm stated that it would perform OP buybacks equal to the amount the exploiter sells to make “best efforts to smoothen the effects” of price volatility.

In the statement, Wintermute addressed the hacker, offering to treat the incident as a white hat exploit if the hacker agreed to return 19 million tokens within one week.

“We are 100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them, and delivering them to the corresponding juridical system. Remember that robbers need to get lucky every time. Cops only have to get lucky once,” wrote Wintermute.

Replies to Wintermute’s message mostly applauded the firm for its transparency in revealing the issue and accepting the blame for what happened. However, not all of the crypto community is so supportive. Bear Baron Hellspawn tweeted about the amateurish approach and the inside job:

 

In his tweet, Chris Blec, the host of the Proof of Decentralization podcast, wondered if the most obvious explanation could be that someone involved with Wintermute may have performed the attack themselves.

 

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Paulina Okunyte

Paulina is a writer, reporter, and digital craftswoman. Her educational background extends from anthropology to IT & multimedia. She has experience working with tech startups, as well as mastering the craft of journalism. At DailyCoin, Paulina focuses on the world of metaverses, NFT marketplaces, NFT art, and blockchains backing NFT technology.

Read more