A few days ago, Optimism Foundation claimed to have sent 20 million OP tokens to Wintermute.
Hey folks–in the interest of transparency, we'd like to share some details about an ongoing situation:https://t.co/915vIgRIJG
Summary below 🧵👇
— Optimism (✨🔴_🔴✨) (@optimismFND) June 8, 2022
Summary
Millions of units of Optimism’s governance token (OP) stolen
The foundation revealed that it had engaged Wintermute as a liquidity service provider for the upcoming launch of the OP token.
Wintermute was awarded a temporary grant of 20 million OP tokens to complete this engagement.
Wintermute’s role in the launch of the OP token would be to facilitate a smoother experience for users purchasing OP to participate in governance.
It is worth noting that in reality, the OP token is already tradable on several exchanges and its value after this announcement dropped from $1.2 to $0.7. It later climbed back up to $0.9, which is 56% lower than the peak reached on its debut day, 1 June.
In fact, the transaction with which the tokens were sent had problems.
Wintermute provided an address to receive the 20 million borrowed OP tokens. The Optimism Foundation sent two test transactions to this address, and after receiving Wintermute’s confirmation, sent the rest of the tokens.
What went wrong with the transaction
Wintermute later discovered that it could not access those tokens, because the address provided was an Ethereum multisig (layer 1) not yet distributed on Optimism (layer 2).
At that point, a recovery operation was launched, but an attacker was able to take advantage of this by taking control of the 20 million OP tokens.
The Optimism Foundation awarded a second short-term grant of 20 million OP to Wintermute so that they could continue their work, but the markets did not like this at all.
The Wintermute team has since pledged to buy back the lost tokens at the same rate as they leave the address where the thief deposited them.
Optimism Foundation and the address of the OP thief
Optimism Foundation is keeping a close eye on this address and so far no movement has been revealed that could impact governance. In total there are just over 200 million OP tokens in circulation, so the 20 million stolen could theoretically impact governance. Should this happen, there will be a focused community discussion to decide how to proceed.
A network upgrade to block stolen OP tokens has been ruled out, however, because Optimism Foundation is not a custodian of these funds and believes that using centralized control to attempt partial recovery would set a dangerous precedent.
At the moment, most of the stolen OP tokens have not been moved.
Optimism Foundation reveals that this is not the first time errors like this have occurred, as not everyone is aware that a layer 2 is different from a layer 1. In fact, they advise never assuming that address control between L1 and L2 is always guaranteed, and to pay special attention to old smart contracts that may not be compatible.