Wintermute’s ‘Amateur Mistake’ Leads to Loss of 20M Optimism Tokens
A mistake by crypto market maker Wintermute has resulted in the loss of 20m Optimism (OP) tokens currently worth USD 17m.
In preparation for the OP token launch, Wintermute was to receive “a temporary grant” of OP 20m for liquidity provisioning services. After successfully sending two test transactions, the Optimism team sent the full amount of tokens.
However, the crypto market maker had mistakenly provided a multi-signature Ethereum (ETH) address that had not yet been deployed on Optimism. Therefore, it was not able to access the tokens, according to a summary of events from the Optimism team.
Wintermute started “a recovery operation with the goal to deploy the [layer 1] multisig contract to the same address on [layer 2],” but it was too late as a bad actor had already taken control of the funds.
“An attacker was able to deploy the multisig to L2 with different initialization parameters before the recovery operation was completed and took control of the 20 million OP tokens,” the team said.
Dovey Wan, a founding partner of Primitive Ventures, an international venture investment firm that invests in blockchain and crypto technologies, called the lapse an “amateur mistake.”
“[W]hat a amateur mistake from Wintermute can’t believe 1. They deployed the multisig contract on the wrong chain 2. Didn’t try send a tx with the fund they received to make sure it’s actually “their fund,” she said. “This is not how you handle you big size multisig recipient.”
She also claimed that Optimism should have postponed their airdrop following the incident.
In a Thursday message to the Optimism community, Wintermute took responsibility for the error, saying that it was “100%” their fault. The firm also pledged to perform OP buybacks equal to the amount the exploiter sells at as a means of making “best efforts to smoothen the effects” of price volatility.
The company also asked the exploiter to consider being a “whitehat” by returning the remaining 19m tokens within one week. That is because the exploiter had already sold 1m tokens on Sunday.
Following the offer by Wintermute, the exploiter transferred an additional 1 million tokens to Ethereum’s co-founder Vitalik Buterin’s address on Optimism. The remaining OP 18m tokens are dormant for now in this address.
The Optimism team noted that they could have stopped the movement of those OP tokens that have not been sold or transferred by a network upgrade. “We will not take this step at this time due to the precedent it would set,” they added.
In response, Chris Blec, host of the Proof of Decentralization podcast, argued that this shows Optimism is “DANGEROUSLY CENTRALIZED.”
“If they can freeze a thief’s wallet with their multisig, THEY CAN FREEZE YOUR WALLET TOO,” he added.
Some $OP tokens got hijacked.— Chris Blec (@ChrisBlec) June 8, 2022
Optimism is grappling with the idea of whether it should use its multisig to take the tokens back from the thief.
In this tweet, they're saying "we coullllld do it.. but then you'd all hate us.. so we won't.. for now."
DANGEROUSLY CENTRALIZED. https://t.co/p7JiPY2TzU
Meanwhile, the OP token has been hit hard today. At 8:16 UTC, the coin is trading at USD 0.85, down by 13.2% over the past 24 hours. It’s also down 31.3% in a week.
– Optimism’s OP Token in Roller Coaster Mode after a ‘Turbulent Launch’
– Optimism Moves Toward Decentralized Governance Structure With OP Token Launch
– Ethereum and Uniswap Tank Despite Optimism News
– Layer 2 in 2022: Get Ready for Rollups, Bridges, New Apps, Life With Ethereum 2.0, and Layer 3
– Decentralization in Crypto Is a Hard to Measure Ideal
– Centralization Caused Most Decentralized Finance Hacks in 2021