Despite the airdrop less than two weeks ago, there have been challenges for the team and market creator of the renowned layer-2 scaling solution. A flaw in the Optimism layer-2 scaling solution’s smart contract of the market maker resulted in the loss of 20 million OP tokens, shortening the solution’s honeymoon time.
The exploit occurred on May 26, although it was recently disclosed to the community. On Sunday, one million tokens worth around $1.3 million were sold. An extra 1 million tokens worth around $730,000 were sent to Vitalik Buterin’s Ethereum address on Optimism at 12:26 a.m. UTC today. The remaining tokens are now dormant but might be sold or utilised to influence governance choices at any moment.
Hey folks–in the interest of transparency, we’d like to share some details about an ongoing situation:https://t.co/915vIgRIJG
Summary below 🧵👇
— Optimism (✨🔴_🔴✨) (@optimismPBC) June 8, 2022
OP tokens are the layer 2 (L2) blockchain’s native token, and a part of the supply was airdropped to network users on June 1. L2 solutions reduce congestion on layer-1 (L1) blockchains like Ethereum.
Thursday’s summary of events from the Optimism team described how the 20 million OP tokens were to be utilised by the Wintermute crypto market-making company. After executing two test transactions, the Optimism team dispatched the whole number of tokens.
However, Wintermute noticed that it could not access the tokens since the smart contract used to take the tokens was still on L1 and had not yet been upgraded for deployment on Optimism. This technical error made the contract vulnerable to attack, and a malicious actor acquired control of the contract on the L2 level.
Wintermute tried to get over to deploy the L1 multi-sign contract to the same address on L2 as soon as it became aware of the issue, but it was too late. Execution of a transaction requires the consent of many key holders in a multi-signature contract.
In a recent message sent to the Optimism community, Wintermute accepted full responsibility for the exploit. The company indicated that it would undertake OP buybacks equal to the amount the exploiter sells to minimise the impact of price fluctuation.
Wintermute has promised to consider the event a white hat exploit, provided the hacker returns 19 million tokens within a week. This offer was made before the hacker transferred another one million tokens.
Most responses to Wintermute’s statement praised the company for its candour in disclosing the issue and for accepting responsibility for the incident.
Short-term, the Optimism team has awarded Wintermute an extra 20 million OP grant “so they may continue their work as events develop.” However, the researchers also noted that such efforts to create markets are transitory.
Some $OP tokens got hijacked.
Optimism is grappling with the idea of whether it should use its multisig to take the tokens back from the thief.
In this tweet, they’re saying “we coullllld do it.. but then you’d all hate us.. so we won’t.. for now.”
DANGEROUSLY CENTRALIZED. https://t.co/p7JiPY2TzU
— Chris Blec (@ChrisBlec) June 8, 2022
Chris Blec, the presenter of the Proof of Decentralisation podcast, stated that the team had explored (but rejected) undertaking a network update to regain control of the stolen funds. This meant, in his opinion, that Optimism (like the majority of decentralised financial initiatives using admin keys) is “DAMAGINGLY CENTRALISED.”
Blec also noted that the most plausible explanation for exploits includes those most intimately linked, suggesting that a Wintermute member may have played a part in the attack. He inquired, “Why is everyone in this space always so opposed to vetting the most obvious possibilities?” At this time, there is no evidence to support this assumption.
OP investors have poorly responded to the upgrade, as the token price has decreased by 31.2% to $0.76 during the previous 24 hours.