Optimism, the developer of the L2 solution that scales Ethereum, got into an extremely unpleasant situation. Their partner Wintermute “gifted” 20 million OP control tokens to hackers because of an address mistake.
What happened
The Optimism team described the details of the incident in their blog.
So, 2 weeks ago, they sent 20 million OP tokens to marketmaker Wintermute. This was to prepare for the drop of OP tokens. The funds were sent by the Optimism Foundation.
This transfer was a loan to provide liquidity to OP once it was listed on the exchanges. But things didn’t go according to plan because Wintermute gave Optimism the wrong wallet address. The agreement was to keep the money in a multi-signature wallet, which is owned by Wintermute.
Two test transactions were successfully sent, followed by the full amount. However, Wintermute was unable to access the tokens because the multisig address provided was on Ethereum’s first layer, not L2.
In an attempt to deploy the L2 address, they were overtaken by an attacker and access to the tokens was lost.
Where are the tokens now
The thief has already managed to transfer 1 million OP tokens into the ethereum and then transfer them to an unknown address via a Tornado Cash mixer. The remaining 19 million coins are still in the hacker’s wallet. And all the while he will have voting rights in the Optimism community.
Who’s to blame and what to do
The Wintermute team admitted their mistake 100%. They promised to buy OP tokens from the hacker every time he sells them in order to restore the integrity of the system. The provider has already purchased the first million tokens.
The Optimism Foundation will be helping Wintermute. They have given them a second grant of 20 million OP so the team can continue their work.
In addition to Optimism, several other protocols are scaling Ethereum. That means there is a reason to wait for airdrops.