A hacker stole 20 million OP tokens, worth about $35 million, following a mistake with an address that was supposed to be sent to market maker Wintermute. The attacker has already sold one million of those tokens.
Ethereum Layer-2 scaling solution Optimism suffered a theft that resulted in the theft of 20 million OP tokens, the team announced in a blog post. The theft was the result of the team sending 20 million OP tokens which were allocated for loan to Wintermute – but a mix-up with an address led to a hacker stepping in and stealing the funds.
The team wanted to give users a better chance of acquiring OP tokens, and was working with market maker Wintermute to that end. However, after two test transactions, Wintemute said that they could not access the 20 million OP tokens that had been sent. This was because the address provided was for an Ethereum/L1 multisig address that had not yet been deployed to Optimism.
$35 million in stolen OP tokens
Wintermute tried to initiate a recovery operation to deploy the L1 multisig contract to the same address on L2, but the attacker got there first. They deployed the L1 to L2 multisig with different initialization parameters and stole the tokens. The total value of these tokens, at the time of the theft, was $35 million. One million of these tokens have been sold.
Wintermute has said that it plans to buy back the stolen tokens by monitoring the hacker’s address. The Optimism Foundation has also created a grant of 20 million OP tokens to Wintermute so that liquidity provision can take place.
The Optimism team also points out that it could use a network upgrade to stop token movement, but won’t “because of the precedent it would set.” The team explained the situation in the interests of transparency, but there is no doubt that damage has been done.
The first hiccup for an otherwise successful endeavor
Optimism’s OP token airdrop and the new governance system have received much praise. The crypto community was pleased to see a pioneering governance model introduced, besides having conviction in the scaling solution itself.
But with the hack, there was a shift among some community members, who criticized the response to the incident. A user on Twitter pointed out that there was a 15 hour gap between the test transaction and the real one. Others made similar comments, saying the response was not adequate.
Optimism has made a lot of positive headlines in the past few months, and perhaps the good news could not last forever. The team said that such incidents were growing pains of an evolving industry.
