Following a much-heralded launch, layer-two scaling protocol Optimism was exploited and millions of tokens were stolen.
Earlier this week, the company behind Optimism announced that its platform had suffered a massive security breach. Hackers made off with 200 million OP tokens.
Understanding Optimism’s Structure
Although Optimism’s developers announced the hack this week, data from Etherscan reveals that the hack occurred on May 26.
Like many platforms in the market, Optimism is run by a decentralised autonomous organization (DAO). The DAO had been working towards launching its OP governance token, which would allow community members to vote on decisions concerning the protocol.
As part of the preparations, they hired Wintermute – a crypto market maker – to ensure the effective distribution of the tokens. In total, 20 million OP towns were created, and the DAO was looking to distribute them via an airdrop to stakeholders.
Last weekend an attacker was able to gain control of the Optimism addresses that correspond to various Gnosis Safe multisigs on Ethereum that had not yet been deployed to Optimism. A quick thread on security in the multi-chain world ~~
— smartcontracts (✨_✨) (@kelvinfichter) June 8, 2022
Optimism confirmed that they sent two test transactions to Wintermute before sending the 20 million OP tokens to the company. However, while Wintermute confirmed both transactions, both parties were surprised to find that the coins suddenly became inaccessible.
Your capital is at risk.
A Fatal Mistake Leads to Massive Losses
Optimism is a layer-two scaling solution built on Ethereum. Platforms like Optimism allow developers and users to enjoy faster transactions while bypassing the blockchain’s high fees. This has not been the case for investors who buy Ethereum and use the network for transactions. However, this process isn’t exactly perfect. In Optimism’s case, the OP tokens were sent to Wintermute’s Ethereum layer-one address.
Sadly, this wallet address was not deployed or synced to the Optimism layer-two address. Thus, the funds were left floating and inaccessible. The error was eventually discovered on May 30, and while Wintermute took responsibility, they claimed that the funds were retrievable through a one-time operation. Even if the coins weren’t accessible, they would be safe since no one could access them.
The assertion turned out to be false. Less than a day after Wintermute confirmed that the funds had been sent to the wrong address, an anonymous hacker took hold of all tokens from the layer-one address. The hack occurred on June 1, and the stolen tokens were worth about $35 million.
Still, the hacker didn’t stop there. They sold off a million OP tokens for ETH and held the remaining 19 million coins. While they’ve been silent since then, the chances of them moving the funds remains possible.
Remediation Efforts so Far
Wintermute has committed to buying back the stolen tokens. Already, they have bought the one million OP tokens that were sold. Optimism has said that the tokens in the wild have not been used to influence governance on the protocol.
So far none of the misappropriated OP has been used for anything related to governance.
If this changes, we will engage in targeted community discussion at that time, with the benefit of a more comprehensive set of facts.
— Optimism (✨_✨) (@optimismPBC) June 8, 2022
Both parties have also made several attempts to contact the hacker, but they’ve had no luck. Per the recent blog post, Wintermute appealed to the hackers, even going as far as offering employment if the stolen tokens are returned.
“The way the attack has been performed has been rather impressive and we can even consider consulting opportunities or other forms of cooperation in future,” the market maker wrote.
They’ve threatened to leak the hacker’s identity to law enforcement, but the market will like to see what comes out of that.
Last month, Optimism surged by over 10% following a listing announcement by Coinbase. The cryptocurrency exchange listed OP on Coinbase Pro – the exchange where traders buy Bitcoin, Ethereum and the best meme coins. Optimism was also added to its roster of digital assets supported by Coinbase Custody.
Your capital is at risk.
Related Crypto News
Lucky Block - Undervalued Crypto
- Listed on Gate.io, LBank, MEXC, PancakeSwap
- NFT Competitions, Jackpot Draws
- Powers Casino & Sportsbook Platform - luckyblock.com
- 10,000 NFTs Minted
- $2M+ in Prizes Awarded