Optimism Foundation confirm sent 20 million OP tokens for liquidity partners to the wrong address. The price of OP token immediately dropped from 1.12 USD on June 8 to only 0.7 USD after the news broke. The price has now recovered a bit to the $0.84 area.
"Optimism Foundation has partnered with Wintermute on liquidity services. The Foundation's Partner Fund accepts an interim grant allocation of 20 million OP tokens.
Based on the token receiving address provided by Wintermute, the Optimism Foundation sent 2 separate test transactions and after Wintermute confirmed each transaction, the rest were sent. Unfortunately, Wintermute later discovered they couldn't access these tokens because the wallet address was provided Ethereum multisig (layer 1) but not yet implemented on Optimism (layer 2)”.
It is reprehensible that the partner hired to support the liquidity services did not use the product that Optimism hired them to support. Although Wintermute claims to be “the leading global algorithmic market maker in digital assets,” they have made a fundamental mistake in the crypto space, especially for a generator. algorithmic markets.
To remedy the consequences, Wintermute committed to buy back the lost tokens. They will track the address holding these “lost” tokens and buy when the address sells.
Recovery process Optimism
Follow Optimism, Wintermute managed to resolve the situation without redeeming the tokens as they “started recovery to deploy the contract multisig above layer 1 to the same address on layer 2". However, Optimism says:
“Hacker deployed multisig to layer 2 with different initialization parameters before these efforts were completed and took possession of 20 million OPs.”
With that mistake, Wintermute essentially left 20 million OP tokens "in the air" for anyone to pick up by deploying the layer 2 Optimism contract to the address. So it can be seen as a fake move to announce the new owner as an “attacker”, casting doubt on the validity of the “mining attack” or “hack". Optimism also report this wallet sold 1 million OP.
Those who gained access to the wallet certainly made an unscrupulous move by taking advantage of the incompetence of an automated market maker. However, Wintermute's recent statement suggests that there is more to this situation than simply smart contract implementation.
Wintermute is available feedback to the Optimism community through their governance forum. In it, the team explains:
“When we reported the wallet address to the Optimism team, we made a fatal error. We have implemented Gnosis Safe on mainnet for a while and due to an internal error we communicate the same wallet as the receiving address.”
The post confirms this is "not a smart thing to do". However, it looks like this happened on May 30th, the day before the mainnet launch for Optimism.
Wintermute then acquires another 20 million OP by “giving 50 million” USDC as collateral”. However, a faster third party than Wintermute "snatched" the money:
“Hackers perform a replay attack by replaying the implementation Gnosis Safe MasterCopy 1.1.1 from mainnet Ethereum. They then use the previously deployed 0xE714 contract to deploy the vaults in batches to the 162 vaults.”
Wintermute then explained that an external third party accessed the funds through a Tornado Cash deposit, suggesting a sophisticated attack had occurred.
Indeed, Wintermute praised the "quite impressively executed attack" before offering them a "opportunity to advise" if they return the money.
Faced with an extremely confusing situation, the crypto community does not believe this story. Bear Baron Hellspawn comment:
“Due to the amateur level of the liquidity provider or the insider? Because unless you do something wrong, you cannot assume OP tokens will be transferred at a particular address.”
Wintermute ended its statement with a threat to the "attacker", saying:
“We commit to 100% to return all funds, track down the mining attacker(s), fully process it, and forward it to the respective legal system. Remember that robbers always need luck and only get lucky once."
Wintermute is currently participating in Consensus 2022 in Texas, starting June 9.