[ad_1]
Ethereum Layer-2 solution, Optimism, lost 20 million tokens that were inadvertently sent to a wrong blockchain address. The digital tokens were sent to Layer-1 ETH wallet, instead of a Layer-2 Optimism address.
Another day, another crypto hack. This time an anonymous hacker looted 20 million OP tokens worth $35 million at the time of the hack. The hacker acquired the Optimism governance tokens intended for a loan to Wintermute, a partnered liquidity provider. During the transaction, Optimism, sent two separate test transfers to Wintermute, both of which were confirmed to have reached the intended recipient. However, the tokens never reached their final destination.
To facilitate a smoother experience for users seeking to acquire OP following last week’s airdrop, we engaged @wintermute_t to provide liquidity provisioning services.
A total of 20M OP was granted to Wintermute from the Foundation’s Partner Fund.https://t.co/UO4WcuW4Wk
— Optimism (✨🔴_🔴✨) (@optimismPBC) June 8, 2022
How Did The Hacker Steal The Tokens?
Unfortunately, an attacker was able to deploy the multisig to L2 with different initialization parameters before these efforts were completed, assuming ownership of the 20m OP.
This address has since sold 1m OP:https://t.co/W8uiYPB9Of
— Optimism (✨🔴_🔴✨) (@optimismPBC) June 8, 2022
According to the official blog post, the 20 million tokens were sent to Wintermute’s Ethereum (L1) address, but as that address had not yet been deployed, or synced, to an Optimism (L2) address, the funds were left floating, inaccessible, on L1.
Meanwhile, the hacker took advantage of the error to transfer the 20 million OP tokens from layer-1 to layer-2, even as Wintermute grappled to recover the floating funds. The cyber criminal, only liquidated about a million of the stolen tokens. The attacker then sold off one million OP tokens for ETH, and retained the other 19 million. They then went silent, and haven’t been heard from since.
At present, the majority of the OP in question has not been moved. Both the Optimism and Wintermute teams are monitoring the situation closely.
While the situation is ongoing, we wanted to share this overview with the community now in the spirit of openness and transparency.
— Optimism (✨🔴_🔴✨) (@optimismPBC) June 8, 2022
Wintermute took full responsibility for the error after it was discovered on May 30. Wintermute staff also told the Optimism Foundation that the funds were potentially retrievable through a high-risk, one-time operation. They also insisted that the funds, if not accessible, were nonetheless secure: no one external could access them. Wintermute stated,
“We are open to see this as a white hat exploit. Moreover, the way the attack has been performed has been rather impressive and we can even consider consulting opportunities or other forms of cooperation in future. We are also content with the scenario where the remaining 19 million tokens are returned to Optimism wallet.”
Focus On Fixing The Problem
Wintermute CEO, Evgeny Gaevoy, has accepted the blame for the incident and has committed to buying back the remaining tokens from the person responsible for the exploit in case they are not returned. He hoped that the hack was a white hat exploit, in which case the remaining funds are potentially recoverable. Gaevoy went on to comment,
“We are not sure why they chose not to liquidate all of it at once. However, we haven’t received any communication from them and our message on the chain was left unanswered.”
[ad_2]