Optimism Foundation delivers $20M to wrong wallet; OP drops 36%

The Optimism Foundation confirmed in a release that they sent 20 million OP tokens to the wrong multi-sig wallet, after having completed two test transactions.

The Optimism Foundation has confirmed in a statement that 20 million OP tokens intended for a liquidity provisioning partner were delivered to the incorrect address. After the news leaked, the price of an OP token dropped from $1.12 on June 8 to $0.70. The assertion read,

“The Optimism Foundation engaged Wintermute for liquidity provisioning services … a temporary grant of 20 million OP tokens was allocated to Wintermute from the Foundation’s Partner Fund.

Wintermute provided an address to receive the borrowed tokens. The Optimism Foundation sent two separate test transactions, and upon Wintermute’s confirmation for each, sent the rest. Unfortunately, Wintermute later discovered they could not access these tokens because they had provided an address for an Ethereum (L1) multisig that they had not yet deployed to Optimism (L2).”

Optimism recruited a partner to help facilitate liquidity services, but that partner did not use the product for which they were hired. Wintermute claims to be a "leading worldwide algorithmic market maker in digital assets," but it has made a basic error in crypto, particularly for an algorithmic market maker.

In recompense, Wintermute has:

“committed to buying back the tokens lost. They will monitor the address that holds these lost tokens and buy as the address sells.”

Optimism recruited a partner to help facilitate liquidity services, but that partner did not use the product for which they were hired. Wintermute claims to be a "leading worldwide algorithmic market maker in digital assets," but it has made a basic error in crypto, particularly for an algorithmic market maker.

However, Optimism claims:

“an attacker was able to deploy the multisig to L2 with different initialization parameters before these efforts were completed, assuming ownership of the 20m OP.”

By deploying an Optimism L2 contract to the address, Wintermute essentially left 20 million OP tokens on the street for anyone to pick up. Therefore, referring to the new owner as a "assailant" could be viewed as a public relations ploy, calling into question the legitimacy of the "exploit" or "hack." Since then, Optimism has announced that one million OP were sold from the wallet.

By taking advantage of an automated market maker's incompetence, whomever gained access to the wallet did it unethically. However, Wintermute's recent remark shows that the incident involved more than a simple deployment of smart contracts.

Wintermute response

Wintermute replied to the Optimism community through its governance forum. In it, the team describes:

“as we communicated the wallet address to the Optimism team, we made a serious error. We had a Gnosis safe deployed on mainnet for a while and due to an internal mistake, we’ve communicated the very same wallet as the receiving address.”

The post verified that this was not a prudent course of action. Nonetheless, it appears that this occurred on May 30, the day before Optimism's mainnet launch.

Then, Wintermute obtained an additional 20 million OP by "offering $50 million USDC as security." However, a third party, the "attacker," was speedier than Wintermute in obtaining the monies.

“proceeded with performing a replay attack by replaying the Gnosis Safe MasterCopy 1.1.1 deployment from Eth mainnet. They then used the previously deployed contract 0xE714… to deploy vaults per batches of 162.”

Then, Wintermute explained that the external third party accessed the monies through a complex mechanism including a Tornado Cash deposit. Indeed, the depiction creates the sense that a comprehensive attack occurred.

Indeed, Wintermute complimented the effort, noting, "The attack that has been carried out has been rather impressive," before proposing consultancy chances in exchange for the return of the monies.

Faced with an extremely uncomfortable circumstance, the crypto community is skeptical of the story; Bear Baron Hellspawn stated as much.

“Either amateur hour by so-called “liquidity provider”

Either inside job. Because unless you do some voodoo sh*t you cannot assume that $OP tokens will be transferred at a very SPECIFIC address.”

Wintermute concluded its statement with a threat against the "assailant":

“we are 100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them and delivering them to the corresponding juridical system. Remember that robbers need to get lucky every time. Cops only have to get lucky once.”

Wintermute is currently exhibiting at Consensus 2022 in Texas beginning on June 9. At the time of publication, CryptoSlate has contacted out to both the CEO and COO, but had received no answer.

** Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of USA GAG nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.

Follow us on Google News

Filed under

Recent Search