Optimism loses 20 million characters after L1 and L2 confusion was exploited

Optimism loses 20 million characters after L1 and L2 confusion was exploited – Mail Bonus

The honeymoon period for the Optimism lag-2 scale solution has been shortened as utilization of the market maker’s smart contract led to the loss of 20 million OP tokens.

The attack took place on May 26 but has only been reported to the community. One million tokens valued at about $ 1.3 million were sold on June 5. An additional $ 730,000 worth of additional tokens were transferred to Vitalik Buterin’s Ethereum address on Optimism earlier today at 12:26 UTC. The remaining icons are currently paused but could be sold at any time or used to change management decisions.

OP tokens are native tokens for optimized Layer-2 (L2) and part of the supply was released to Internet users on June 1st. L2 solutions help reduce the congestion of layer-1 blockchain such as Ethereum.

A summary of events from the optimism team on Thursday revealed how the 20 million OP tokens were intended to be used by the Wintermute cryptocurrency market company. After submitting two test entries, the optimization team sent the full amount of tokens.

However, Wintermute discovered that it could not access the tokens because the smart contract he used to accept the tokens was still on L1 and had not been updated to be used on Optimism. This technical inspection opened the contract for an attack where a bad actor took control of the contract on L2.

As soon as Wintermute became aware of the problem, “it had a recovery operation aimed at sending the L1 multisig contract to the same address on L2,” but the attempt to remedy the situation was too late.

“The attacker was able to set multisig on L2 with different initialization parameters before the recovery operation was completed and took control of 20 million OP tokens.

A multisig contract requires the approval of many key holders to execute a transaction.

In a message to the optimistic community on June 9, Wintermute took full responsibility for the exploits. The company stated that it would carry out OP repurchases equivalent to the amount sold by the profiteer as a way to make the “best effort to smooth out the effects” of price fluctuations.

Wintermute has also offered to accept the incident as a white hat deed if the hacker agreed to return 19 million tokens within a week. This offer was made before the hacker moved another million characters.

Responses to Wintermute’s message applauded the company largely for its transparency in uncovering the case and for taking the blame for what happened.

Connected: Hackers taste their own medicine when society gets stolen NFT back

For a short time, the optimism team has provided Wintermute with an additional $ 20 million in OP funding “so that they can continue their work as things unfold. But the team also pointed out that such market making was temporary.

“Society should not expect or rely on the Optimism Foundation to support future liquidity efforts.”

Host of Proof of Decentralization podcast Chris Blec said the team had counted (but denied) to regain control of stolen funds by performing an online update. This meant that in his opinion, optimism (like most DeFi projects with management keys) is “DANGEROUS CENTRALS”.

Blec also suggested that the most obvious explanation for the heroic deeds included the next ones, meaning that someone connected to Wintermute could have carried out the attack himself. Hann asked, “Why is everyone in this space always so against exploring the most obvious possibilities?” There is no evidence at this stage to support this theory.

OP investors have reacted negatively to the update as the token price has fallen 31.2% in trading at $ 0.76 over the past 24 hours, according to CoinGecko.