A mistake by crypto market maker Wintermute has resulted in the loss of 20m Optimism (OP) tokens currently worth USD 17m.
In preparation for the OP token launch, Wintermute was to receive “a temporary grant” of OP 20m for liquidity provisioning services. After successfully sending two test transactions, the Optimism team sent the full amount of tokens.
However, the crypto market maker had mistakenly provided a multi-signature Ethereum (ETH) address that had not yet been deployed on Optimism. Therefore, it was not able to access the tokens, according to a summary of events from the Optimism team.
Wintermute started “a recovery operation with the goal to deploy the [layer 1] multisig contract to the same address on [layer 2],” but it was too late as a bad actor had already taken control of the funds.
“An attacker was able to deploy the multisig to L2 with different initialization parameters before the recovery operation was completed and took control of the 20 million OP tokens,” the team said.
Dovey Wan, a founding partner of Primitive Ventures, an international venture investment firm that invests in blockchain and crypto technologies, called the lapse an “amateur mistake.”
“[W]hat a amateur mistake from Wintermute can’t believe 1. They deployed the multisig contract on the wrong chain 2. Didn’t try send a tx with the fund they received to make sure it’s actually “their fund,” she said. “This is not how you handle you big size multisig recipient.”
She also claimed that Optimism should have postponed their airdrop following the incident.
The company also asked the exploiter to consider being a “whitehat” by returning the remaining 19m tokens within one week. That is because the exploiter had already sold 1m tokens on Sunday.
Following the offer by Wintermute, the exploiter transferred an additional 1 million tokens to Ethereum’s co-founder Vitalik Buterin’s address on Optimism. The remaining OP 18m tokens are dormant for now in this address.
The Optimism team noted that they could have stopped the movement of those OP tokens that have not been sold or transferred by a network upgrade. “We will not take this step at this time due to the precedent it would set,” they added.
In response, Chris Blec, host of the Proof of Decentralization podcast, argued that this shows Optimism is “DANGEROUSLY CENTRALIZED.”
“If they can freeze a thief’s wallet with their multisig, THEY CAN FREEZE YOUR WALLET TOO,” he added.
Source:cryptonews.com