Hackers stole 20 million OP tokens meant for an airdrop.
Optimism intended to send the 20 million OP tokens to Wintermute, a market maker that would distribute the airdrop.
Optimism sent the OP tokens to a layer-1 wallet address instead of a layer-2 wallet address.
The hackers returned 18 million OP tokens and retained 2 million as a bounty.
A hacking incident resulted in Optimism, a decentralized autonomous organization (DAO), losing 20 million OP tokens. However, the good news is that Optimism recovered most of the tokens as a result of the voluntary action of the hackers.
The reason for returning the stolen tokens is not clear at the moment. The hackers may have responded to Optimism’s threat to take legal action. Other sources suggest that Optimism offered the hackers a reward for returning the tokens, and that the potential reward includes an offer of working together. Now, let’s look at how the hacking took place.
How Optimism lost the tokens
Since Optimism is a decentralized autonomous organization, it planned to create and distribute its governance token, the OP token, to enable community members to vote on the protocol’s development choices.
In this respect, Optimism employed Wintermute, a crypto market maker, to distribute the tokens in an effective way. As planned, Optimism produced 20 million OP tokens to distribute to the investors as an airdrop. The problem occurred when Optimism tried to send the 20 million OP governance tokens to Wintermute.
The DAO did not expect any mishap, since it had carried out two test transactions. Both transactions were 100 percent successful and there was no sign of any problem. Thus, Optimism decided to send the entire 20 million OP tokens to Wintermute. This is where the problem started.
The real problem occurred because of confusion over Wintermute’s receiving addresses. Optimism sent the tokens to Wintermute’s layer-1 wallet address instead of the layer-2 one. The reason is that Wintermute had supplied a multisignature wallet address that it had not yet deployed on Optimism’s layer-2.
Since the wallet address was not yet deployed on layer-2, the hackers took advantage of that technical error and hacked the system. As soon as Wintermute noticed the error, it tried to rectify it by deploying the identical address on layer-2. However, it was already too late, as the hackers had accessed the 20 million tokens.
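A pre-transfer check for the failure described above, as an added example that is not part of the original article or of either project's code: it asks each chain whether contract code exists at the recipient address (the standard `eth_getCode` JSON-RPC call) and holds the transfer when a contract wallet exists on layer-1 but not on layer-2. The chain labels, addresses, bytecode and the stub RPC client are constructed for illustration.

```python
"""Pre-transfer check: does the recipient contract exist on the destination chain?"""

NO_CODE = {"", "0x", "0x0"}  # eth_getCode result for an address with no contract

def has_code(rpc, chain, address):
    """True if eth_getCode returns non-empty bytecode for `address` on `chain`."""
    return rpc(chain, "eth_getCode", [address, "latest"]).lower() not in NO_CODE

def preflight(rpc, recipient, home_chain, dest_chain):
    """Return (verdict, reason) for sending tokens to `recipient` on dest_chain.

    A token transfer succeeds whether or not anyone controls the recipient, so
    small test transfers do not prove the recipient can move funds afterwards.
    """
    on_home = has_code(rpc, home_chain, recipient)
    on_dest = has_code(rpc, dest_chain, recipient)
    if on_dest:
        return "send", "contract is deployed on " + dest_chain
    if on_home:
        # Contract wallet (e.g. a multisig) known only on the home chain: its
        # owners cannot sign for this address on dest_chain until it exists there.
        return "hold", "contract on %s, no code on %s" % (home_chain, dest_chain)
    return "confirm-owner", "no code on either chain; confirm who holds the key"

def make_stub_rpc(state):
    """Offline stand-in for a JSON-RPC client; `state` maps (chain, address) to code."""
    def rpc(chain, method, params):
        if method != "eth_getCode":
            raise ValueError("stub only implements eth_getCode")
        return state.get((chain, params[0]), "0x")
    return rpc

# Constructed sample data: placeholder addresses and truncated bytecode.
MULTISIG = "0x" + "11" * 20
PLAIN = "0x" + "22" * 20
BEFORE = {("l1", MULTISIG): "0x6080604052", ("l2", MULTISIG): "0x"}
AFTER = {**BEFORE, ("l2", MULTISIG): "0x6080604052"}

if __name__ == "__main__":
    for label, state in (("before L2 deployment", BEFORE), ("after", AFTER)):
        print(label, preflight(make_stub_rpc(state), MULTISIG, "l1", "l2"))
    print("plain address", preflight(make_stub_rpc(BEFORE), PLAIN, "l1", "l2"))
```

In real use the stub would be replaced by a JSON-RPC client pointed at a node for each chain, and a "hold" verdict would stop the transfer until the recipient confirms the wallet is deployed on the destination chain.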
According to the explanation, 1 million stolen OP tokens were transferred to Tornado Cash, a protocol which enables individuals to send and receive cryptocurrencies from different sources. Subsequently, the hackers converted them to Ethereum and sent them to various wallet addresses of unknown people or organizations.
The way forward
On 30 May Wintermute informed the Optimism Foundation team about the hacking, but could not take any further action as it waited for a transparency update, which it later submitted on 9 June. It is important to note that the hacking of the tokens did not stop the distribution of the airdrop. Optimism gave Wintermute another 20 million tokens so that the intended airdrop would go on as planned while the due process to recover the stolen tokens was in progress.
The action path which Wintermute followed
After the dust had settled, Wintermute proposed to purchase the OP tokens whenever the hackers sold them. This would help to make the protocol whole. As already mentioned above, Wintermute acquired another 20 million tokens from Optimism.
In order to recover the stolen tokens, Wintermute contacted the hackers, but they did not respond in time. As a result, Wintermute threatened to reveal the identity of the hackers and take possible legal action.
Optimism recovers 17 million OP tokens
The hackers, however, returned 17 million OP tokens to Optimism. They sent the tokens back to Optimism’s wallet address in 17 transactions. Nevertheless, the hackers retained 2 million OP tokens as a bounty. Note that before the hackers returned the tokens, they first contacted Vitalik Buterin, the Ethereum founder, informing him of their willingness to return 18 million tokens.
True to their word, the hackers returned a total of 18 million tokens. They sent 17 million directly to Optimism, while the other 1 million went to Vitalik Buterin’s wallet address. At the time of writing this article, there was still $900,000 worth of OP tokens in the hackers’ wallet.
Meanwhile, Wintermute has given a statement that it will not pursue any legal means to recover the outstanding 2 million tokens. In fact, it has conceded that the two million OP tokens constitute its loss.
In a nutshell, some attackers hacked Optimism and stole 20 million OP tokens. This followed a technical error during the transfer of the tokens to Wintermute. Optimism, through Wintermute, intended to airdrop the tokens to its users. However, after some days the hackers returned 18 million of the tokens and kept 2 million as a bounty.
Author: Mashell C., Gate.io Researcher