Unknown attacker stole 20 million OP tokens due to an error by market maker Wintermute
June 9, 2022
A hacker seized 20 million OP tokens (~$17 million) sent by the Optimism Foundation to market maker Wintermute.
The Wintermute team has committed to reclaiming the abused tokens by tracking the address holding them and buying them back as that address sells them.
You can find more information about their commitment here: https://t.co/LhlFo65cjs
The developers of the Ethereum L2 scaling solution chose Wintermute as their liquidity provider for centralized exchanges following the OP airdrop. On May 30, on the eve of the token distribution, the Optimism Foundation transferred 20 million OP to the market maker's address.
According to the Wintermute team, an internal error led them to specify the address of a Gnosis Safe multisig wallet on the Ethereum network for the transaction.
“As some of you may know, it’s unwise to do this – having control of a Safe on the mainnet does not guarantee that the Safe will be on other EVM-compatible chains (as opposed to regular wallets),” Wintermute explained.
After discovering that the funds were missing at the address on the Optimism network, Wintermute negotiated an additional 20 million OP with $50 million in collateral.
The market maker contacted the Gnosis Safe and Optimism teams about a possible recovery of the funds. Experts concluded that recovery was possible as a one-off, high-risk operation, which was postponed to June 7.
However, on June 1, an unknown person attacked the Wintermute address on the L2 network and deployed a Gnosis Safe multisig contract there with their own initialization parameters. The attacker sold 1 million OP for ETH and sent the funds to the Tornado Cash mixing service, moving them to the mainnet via the Synapse and Hop bridges.
The Wintermute team has committed to recovering the lost funds. They also invited the hacker to return the remaining 19 million OP.
“We are prepared to view this as a white-hat exploit. Also, his attack method was quite impressive. We may even consider consulting and other forms of cooperation in the future,” they said.
The hacker was given a week to make a positive decision. Otherwise, Wintermute promised to track down and deanonymize the hacker, as well as contact law enforcement.
Optimism developers allowed for the possibility of a network upgrade to block the movement of the tokens remaining at the address.
In principle, a network upgrade can be performed to stop the movement of OP tokens that have not yet been transferred or sold.
Due to the precedent it will create, we will not take this step at this time. Optimism is a permissive web and has behaved as intended.
“We will not take this step at this time as it will set an example. Optimism is an unconstrained web and behaves as intended,” they added.
By June 3, the OP price had risen to levels close to $1.6 and then declined. Against the background of the Optimism Foundation's release and Wintermute's statements about the incident, the price has fallen as low as $0.7. At the time of writing, the token is trading around $0.85.
Hourly chart of OP/USDT on the Binance exchange. Data: Trade Outlook.
Recall that the Optimism team patched a critical vulnerability in February. Programmer Jay Freeman, who discovered the bug, was rewarded with $2 million.
I’m Sandra Torres, a passionate journalist and content creator. My specialty lies in covering the latest gadgets, trends and tech news for Div Bracket. With over 5 years of experience as a professional writer, I have built up an impressive portfolio of published works that showcase my expertise in this field.