The honeymoon period for Optimism’s Level 2 scaling solution was cut short as an exploit in its market maker’s smart contract resulted in the loss of 20 million OP tokens.

- Advertisement -

use happened on May 26th but has just been reported to the community. One million tokens worth about $1.3 million were sold on June 5th. Another million tokens worth about $730,000 were sold. translated to Vitalik Buterin’s Ethereum address on Optimism earlier today at 00:26 UTC. The remaining tokens are dormant for now, but can be sold at any time or used to change management decisions.

- Advertisement -

OP tokens are native tokens for Optimism Layer-2 (L2), and part of the supply was distributed to network users on June 1st. L2 solutions help reduce congestion on a layer 1 blockchain like Ethereum.

- Advertisement -

Summary Developments of the Optimism team on Thursday detailed how the 20 million OP tokens were intended to be used by cryptocurrency marketplace firm Wintermute. After sending two test transactions, the Optimism team sent the full amount of tokens.

However, Wintermute found that it could not access the tokens because the smart contract it used to accept the tokens was still on L1 and had not been updated to deploy to Optimism. This technical oversight opened the contract to an attack in which the attackers themselves took control of the L2 contract.

As soon as Wintermute became aware of the problem, it “launched a recovery operation to deploy the L1 multisignature contract to the same address on L2”, but its attempt to fix the situation was too late.

“The attacker was able to deploy a multi-signature on L2 with different initialization parameters before the restore operation was complete and gained control of 20 million OP tokens.”

A multi-signature contract requires the approval of multiple key holders in order to complete a transaction.

the 9th of June message According to the Optimism community, Wintermute took full responsibility for the exploit. The firm said it would make OP buyouts equal to the amount the exploiter sells as a means to “do what we can to mitigate the effects” of price volatility.

Wintermute also offered to accept the incident as a white hat exploit if the hacker agreed to return 19 million tokens within one week. This offer was made before the hacker transferred another million tokens.

Responses to the Wintermute post have mostly applauded the firm for being transparent in disclosing the issue and for taking the blame for what happened.

Hacker tries his own cure as community returns stolen NFTs

In the short term, the Optimism team has given Wintermute an additional 20 million OP grant “to enable them to continue their work as things unfold.” But the team also pointed out that such efforts to create a market are temporary.

“The community should not expect or rely on the Optimism Foundation to support future liquidity efforts.”

Proof of Decentralization podcast host Chris Black said the team counts (but rejected) regaining control of the stolen funds by upgrading the network. This meant that, in his opinion, Optimism (like most DeFi projects with admin keys) is “DANGEROUSLY CENTRALIZED.”

Black also suggested that the most obvious explanation for the exploits involved those who were most closely associated, meaning that someone associated with Wintermute may have carried out the attack themselves. He asked“Why is everyone in this space always so against testing the most obvious possibilities?” At this stage, there is no evidence to support this theory.

OP investors reacted negatively to the update as the price of the token fell 31.2% to trade at $0.76 in the last 24 hours. CoinGecko.