On June 9, Optimism (CRYPTO: OP) reported it suffered a loss of 20 million OP, currently valued at more than $16 million, due to an exploit by a hacker.
What Happened: Major Ethereum (CRYPTO: ETH) layer-2 protocol, Optimism incorrectly sent 20 million OP to the wrong blockchain address.
Wintermute, a crypto market maker, was appointed for the distribution of 20 million OP to Optimism Collective holders as an airdrop. These tokens were transferred to an L1 Wintermute address which was then rendered inaccessible, as the address had not been deployed. Wintermute initially stated the funds, though inaccessible, were protected from foreign reach.
Despite the claim, an anonymous hacker stole all of the 20 million tokens, presently worth $16.6 million. The hacker then proceeded to sell 1 million of these tokens to the public, while retaining 19 million OP. Though this hack occurred on May 26, it wasn't until June 9 that Optimism issued numerous public statements about the event, providing transparency and evaluating current options.
Why It's Important: Optimism stands as one of Ethereum’s most significant L2 protocols. Potentially, the stolen tokens could be misused to affect and alter the governance of Optimism’s DAO.
The primary endeavor of such L2 protocols is to ease any L1 blockchain’s overcrowding. Given Wintermute’s smart contract made to receive the OP tokens remained on L1, it was not compatible to receive the OP tokens sent from an L2 source. This technological vulnerability was exploited by the hacker, as they set off the L1 multisig contract to L2 before Wintermute could secure recovery.
This unfortunate exploit should serve as a tale of caution to emerging L2 protocols to prioritize technical security and compatibility of the different technologies that they deal with.
What’s Next: In response to this loss, Optimism and Wintermute have taken accountability and maintained transparency. Wintermute has announced plans to purchase the tokens sold by the hacker, having already obtained the 1 million OP tokens that were sold to prevent price volatility. Wintermute further stated that if the 19 million OP are returned within a week, it would write off the hack as a white hat event and not take further action.
While both parties have responded by taking liability, maintaining clarity and trying to contact the hacker, the future remains uncertain as the hacker remains silent.