The glass is half-empty for Wintermute who have lost 20M OP, worth ~$27.6M at the time of the incident.
The funds were supposed to be sent to Wintermute by the Optimism Foundation in an agreement to act as a market maker ahead of the OP token launch.
According to the Optimism Foundation’s announcement, Wintermute then confirmed receipt of two test transactions, firstly for 1 OP and then for 1M OP, without checking that they had access to the funds.
The remaining 19M OP were sent shortly after the second test transaction on the 27th May.
According to Wintermute’s statement, they notified the Optimism Foundation about their error on 30th May.
The OP launch went ahead regardless on the 1st of June, despite almost 10% of the soon-to-be circulating supply being up for grabs.
An opportunistic anon seized control of the ownerless funds on 5th June.
How did the exploiter gain access?
Once the tokens had been sent, they were sitting out in the open, ready to be taken by anyone who spotted them…
The hint was the fact that the address corresponded to a Gnosis Safe proxy on mainnet, but had no contract deployed to the Optimism address.
Nobody could take control of the address as an EOA, that would require the private key.
However, there was a way to access the funds; anyone could take control of the address by deploying a Gnosis Safe proxy to it.
This is not an easy task, however.
Wintermute state that:
After consulting with the Optimism and Safe teams, Wintermute made the assessment that the funds were potentially retrievable, and that nobody other than Wintermute could recover those funds. The assessment was also that it was a high risk retrieval that could only be attempted once and required Safe to support. Retrieval was scheduled for 7th of June. However, the assumption that the funds can only be recoverable by Wintermute proved to be false.
As Wintermute’s Gnosis Safe on mainnet had been created back in 2020, it was deployed using an old version of the ProxyFactory contract, which includes the out-of-date create opcode, rather than create2.
With create, the deployed proxy address depends only on the ProxyFactory’s address and nonce. This meant that the exploiter could replay deployments on Optimism (setting themself as owner) until the nonce matched the original mainnet deployment and a matching proxy address was created.
This was eventually achieved after running batched deployments of 162 safes at a time, until the matching address was created in this transaction.
Wintermute’s multisig on Ethereum: 0x4f3a120e72c76c22ae802d129f599bfdbc31cb81
Hijacked address on Optimism: 0x4f3a120e72c76c22ae802d129f599bfdbc31cb81
The exploiter’s timing is interesting, as pointed out by yoav.eth:
Funded via Tornado 7 days ago
Then deployed the contract, waited 4 days, and hijacked wintermute's proxy.
Why wait 4 days?
If they were looking to secure their loot, why give Wintermute the extra time to mount a rescue attempt?
The remaining 18M OP have not yet been dumped, is this down to a lack of liquidity or does the exploiter intend to return the funds?
Wintermute aren’t banking on it:
There is hope that it is a whitehat exploit, in which case the remaining funds are potentially recoverable. However we are currently operating under the premise that it is not the case
In the meantime, the Optimism Foundation has provided an additional 20M OP to Wintermute to perform their original market making duties.
Wintermute’s balance sheet aside, there are more wide-reaching concerns raised by this incident.
Having almost 10% of the OP circulating supply in the hands of a bad actor is potentially dangerous for Optimism’s governance processes, something the Foundation is well aware of.
Should this change, the option of “a network upgrade … to halt the movement of those OP tokens” would set a worrying precedent.
Although the mistake was flagged on OP’s launch day, the alert was seemingly ignored by the community. The tweet came hours after the exploiter had funded their address, however, so is unlikely to have been the information to tip-off the incident.
While replacing the 20M OP won’t be a problem for a giant MM such as Wintermute, the carelessness of this incident is alarming.
The funds were sat in an unowned address for 9 days.
In an already struggling market, actions such as these make it hard to remain Optimistic.
If you enjoy our work, please consider donating to our Gitcoin Grant.
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
Wintermute have lost over $160M to their second incident this summer. Using a vanity address for "gas savings" has cost them dearly. Last time, funds were returned, will Wintermute get lucky again?
Zero pity. The notorious MEV bot known as 0xbad has fallen on hard times, just like the rest of us. After 75 days of exploiting value from unexpecting users, this mempool menace backfired on its owner, creating a beautiful display of on-chain karma.
The billion that wasn't. Tornado sanctions didn’t deter these Polkadot thieves, who tried to steal ~$1.3B in aUSD from Acala Network.