- Wintermute discovered that it could not access the tokens due to technical oversight and an attacker took control of the contract on L2, retrieving the 20 million OP tokens.
- Optimism price posted double-digit losses since the hack.
- The attackers have cashed out 1 million OP tokens through Tornado Cash; it is not a white hat exploit.
Optimism price took a hit after a hacker stole 20 million of its tokens whilst in transit to market maker Wintermute. The attack was thought to have resulted from a technical oversight by the market maker. Optimism, which is transparent in its updates, informed the community that it had now reimbursed Wintermute with an additional 20 million replacement tokens post the attack.
Also read: Everything you need to know about Ethereum's Merge testnet upgrade
Optimism tokens lost to attack on market maker Wintermute
Optimism, a low-cost lightning-fast Ethereum layer-2 blockchain, informed the community of the loss of 20 million OP tokens from a malicious attack. Optimism engaged market maker Wintermute to provide liquidity for its tokens, sending them 20 million OP.
Due to a technical oversight, Wintermute discovered they could not gain control of the OP tokens since the smart contract was still on L1 and had not been updated to be deployed on Optimism. This technical oversight left Wintermute vulnerable to a hack, and a bad actor took charge of the situation, grabbing 20 million OP tokens on the L2 for themself.
One million out of the 20 was moved to Tornado Cash, enabling users to send and receive funds from a mixed source. The attacker converted OP to Ethereum and sent it to an unknown address via Tornado Cash.
Hey folks--in the interest of transparency, we'd like to share some details about an ongoing situation:https://t.co/915vIgRIJG
— Optimism (✨_✨) (@optimismPBC) June 8, 2022
Summary below
Another 1 million has been withdrawn over the past hour, and the wallet’s balance is now 18 million OP tokens.
Attacker’s wallet with a balance of 18 million OP tokens
As soon as Wintermute became aware of the attack, it began a recovery operation with the goal of deploying the L1 multisig contract to the same address on L2. The remedy arrived too late, and the attacker had already taken control of the 20 million OP tokens, cashing out 2 million in the process.
Optimism’s transparency update arrived late
While the team at Wintermute informed Optimism Foundation of the attack on May 30, 2022, the layer-2 solution chose to wait to publish a transparency update on June 9, 2022.
The initial deployment of 20 million tokens occurred two weeks ago. After learning about the attack, Optimism provided another 20 million tokens to Wintermute while the market maker worked to retrieve the lost tokens.
Wintermute was under the impression that the funds were recoverable only by their team; however, this assumption was proven false when the attacker started selling their OP token holdings, by converting them to Ethereum and then transferring them to unknown addresses on Tornado Cash.
Wintermute consulted with the Gnosis Safe team, asking them for their assessment and help in attempting to recover the lost OP tokens.
Kelvin Fichter, a researcher and developer, shared detailed insights into the incident in a Twitter thread, revealing key details of the attack and how it could have been prevented
Last weekend an attacker was able to gain control of the Optimism addresses that correspond to various Gnosis Safe multisigs on Ethereum that had not yet been deployed to Optimism. A quick thread on security in the multi-chain world ~~
— smartcontracts (✨_✨) (@kelvinfichter) June 8, 2022
How the attacker stole 20 million OP tokens
In less than 24 hours of Wintermute notifying Safe and Optimism, wallet 0x8BcFe4f1358E50A1db10025D731C8b3b17f04DBB was funded via tornado cash transfer 134.
The attacker replayed the Gnosis Safe MasterCopy 1.1.1 deployment from the Ethereum mainnet and used the previously deployed contract
0xE7145dd6287AE53326347f3A6694fCf2954bcD8A to deploy vaults per batches of 162. The hacker then proceeded with selling 1 million OP tokens for ETH and withdrew back to L1 via Synapse and Hop bridges to then use tornado cash on the mainnet.
What Wintermute is doing
According to their confessional transparency update, the initial error in which Wintermute was unable to access OP tokens was 100% their fault. Wintermute, a market maker with a global reach, is now intent on buying OP every time the attacker sells to make the protocol whole eventually.
After the attacker’s 1 million OP tokens sale, Wintermute purchased an equivalent amount, and the market maker believes this is not a white hat exploit. Wintermute acknowledges that the attacker’s sale of OP tokens can potentially create price volatility in OP tokens.
Since the announcement, OP token price has plummeted by 14%.
Wintermute left a message for the attacker, however there is no update on any response.
Crypto Twitter criticizes Optimism and Wintermute
Dovey Wan, advisor to Coindesk, criticized Wintermute for making an amateur mistake. Deploying the multisig contract on the wrong chain is an “amateur mistake,” Wan told Twitter followers.
♀️ what a amateur mistake from Wintermute can’t believe 1. They deployed the multisig contract on the wrong chain 2. Didn’t try send a tx with the fund they received to make sure it’s actually “their fund”
— Dovey "Rug The Fiat" Wan (@DoveyWan) June 9, 2022
This is not how you handle you big size multisig recipient ♀️ https://t.co/J8hfBpt0zW
Dovey believes the Optimism team should have postponed the airdrop for a better consequence and pushed out the transparency report to later.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.
Recommended Content
Editors’ Picks
Why Polygon’s MATIC may have seen a bottom amid underperformance
Polygon MATIC, now known as POL, has been one of the most underperforming cryptocurrencies in the top 100 since the beginning of the year, declining more than 62% year-to-date. However, several key metrics on Wednesday show that its price may have seen a bottom.
SUI rallies as Circle announces the launch of USDC on its network
Layer-1 blockchain Sui has been gaining constant attention following big launches on its network, including the latest launch from USDC issuer Circle. Circle announced its plans to launch its USDC stablecoin on the Sui blockchain on Tuesday. The announcement also included the integration of Circle's CCTP for cross-chain building among developers.
Ethereum could rally 17% amid Bitwise thesis on ETH contrarian bet
Ethereum (ETH) is up 2% on Tuesday as anticipation grows for a 50-basis-point interest rate cut by the US Federal Reserve (Fed). Meanwhile, Bitwise's weekly memo noted that Ethereum still provides several opportunities and looks like a contrarian bet.
Bitcoin rallies with crypto market on steeper Fed rate cut speculation and Q4 positivity
Bitcoin (BTC) and the crypto market saw a brief rally on Tuesday following speculations that the Federal Open Market Committee (FOMC) may opt for a 50-basis-point rate cut during its meeting on Wednesday.
Bitcoin: On the road to $60,000
Bitcoin price retested and bounced off from the daily support level of $56,000 this week. US spot Bitcoin ETFs posted $140.7 million in inflows until Thursday and on-chain data supports a bullish outlook.
Moneta Markets review 2024: All you need to know
VERIFIED In this review, the FXStreet team provides an independent and thorough analysis based on direct testing and real experiences with Moneta Markets – an excellent broker for novice to intermediate forex traders who want to broaden their knowledge base.