Attacker snipes 20 million OP tokens intended for Wintermute loan

Ethereum scaling startup Optimism said Wednesday that an attacker interfered in a token recovery process involving Wintermute, resulting in the loss of some 20 million OP governance tokens. 

As previously reported, the OP token went live at the end of May as part of a plan by Optimism — a Layer 2 network — to decentralize how the protocol is governed. An airdrop was held on May 31, and some of the total OP tokens were set aside to provide to supportive outside parties.

According to blog posts from Optimism, "the Optimism Foundation engaged Wintermute for liquidity provisioning services in an effort to facilitate a smoother experience for users acquiring OP to participate in Collective governance. To carry out this engagement, a temporary grant of 20 million OP tokens was allocated to Wintermute from the Foundation’s Partner Fund."

But things went awry when Wintermute mistakenly provided a multi-signature Ethereum address that had not yet been deployed on Optimism. In its own explainer post, Wintermute founder and CEO Evgeny Gaevoy said the multi-sig address was a Gnosis safe.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

As the Optimism team explained in its message:

"Wintermute began a recovery operation with the goal to deploy the L1 multisig contract to the same address on L2. Unfortunately, an attacker was able to deploy the multisig to L2 with different initialization parameters before the recovery operation was completed and took control of the 20 million OP tokens. This address has since sold 1 million tokens, and can easily sell the rest."

According to both teams, Wintermute has purchased those 1 million OP tokens and intends to purchase more as the exploiter tries to sell them. The remaining tokens are currently held in this address.

"We want to make one thing clear - the initial error is 100% Wintermute’s fault and as such we will proceed to buy OP every time the attacker sells it to make the protocol whole eventually (we did initiate buying the first million OP tokens yesterday already)," Gaevoy wrote. "We understand that it can potentially create price volatility in the token and will make best efforts to smoothen the effect."

The Foundation has also "made a second short-term grant of 20 million OP to Wintermute so that they can continue with their work as things unfold," per Optimism's post.