Hi Optimism Community. On behalf of Wintermute I wanted to explain the recent events surrounding wallet 0x4f3a120E72C76c22ae802D129F599BFDbc31cb81. I’ll aim to be as factual as possible, focusing on full transparency and making sure every Optimism stakeholder is on the same page with the current situation as well as making it clear what our actions are going forward.
Timeline of events
Two weeks ago, Wintermute was engaged by the Optimism Foundation to provide liquidity in the OP token upon its listing on centralized exchanges. As part of the agreement Wintermute received a 20 million loan in OP.
Initially the loan was to be deployed on one of the Wintermute’s wallets on Optimism. As we communicated the wallet address to the Optimism team, we made a serious error. We had a Gnosis safe deployed on mainnet for a while and due to an internal mistake, we’ve communicated the very same wallet as the receiving address. As some of you may know, this is not a smart thing to do - having control over mainnet Safe doesn’t guarantee control on other EVM compatible chains (unlike ordinary wallets).
We notified the Optimism team on the 30th of May. Since the launch next day was a clear priority we agreed on receiving additional 20 million tokens (providing $50 million USDC as collateral), all while exploring ways to retrieve the funds. At the same time we got in contact with the Gnosis Safe team, asking them for assistance with retrieving the funds. After consulting with the Optimism and Safe teams, Wintermute made the assessment that the funds were potentially retrievable, and that nobody other than Wintermute could recover those funds. The assessment was also that it was a high risk retrieval that could only be attempted once and required Safe to support. Retrieval was scheduled for 7th of June. However, the assumption that the funds can only be recoverable by Wintermute proved to be false.
Somebody has done their homework well, however. In less than 24 hours after we notified Safe and Optimism about the situation, wallet 0x8BcFe4f1358E50A1db10025D731C8b3b17f04DBB has been funded via tornado cash transfer. It proceeded with performing a replay attack by replaying the Gnosis Safe MasterCopy 1.1.1 deployment from Eth mainnet. They then used the previously deployed contract 0xE7145dd6287AE53326347f3A6694fCf2954bcD8A to deploy vaults per batches of 162. The hacker then proceeded with selling 1m OP tokens for ETH and withdrew back to L1 via Synapse and Hop bridges to then use tornado cash on mainnet.
What we are planning to do about it
As of the time of this writing, the attacker still has 19 million OP tokens in their possession. We are not sure why they chose not to liquidate all of it at once. There is hope that it is a whitehat exploit, in which case the remaining funds are potentially recoverable. However we are currently operating under the premise that it is not the case, since we haven’t received any communication from them and our message on the chain was left unanswered.
We want to make one thing clear - the initial error is 100% Wintermute’s fault and as such we will proceed to buy OP every time the attacker sells it to make the protocol whole eventually (we did initiate buying the first million OP tokens yesterday already). We understand that it can potentially create price volatility in the token and will make best efforts to smoothen the effect.
Message to the exploiter
We expect the exploiter to read this as well (eventually). This is our message to you:
We are open to see this as a white hat exploit. Moreover, the way the attack has been performed has been rather impressive and we can even consider consulting opportunities or other forms of cooperation in future. We are also content with the scenario where the remaining 19 million tokens are returned to Optimism wallet:
You have one week to consider being a whitehat. In case the above doesn’t happen, we are 100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them and delivering them to the corresponding juridical system. Remember that robbers need to get lucky every time. Cops only have to get lucky once. This is not a “code is law” theoretical argument. This is you taking a bag with cash that was left behind by a (careless) person. Us being careless still leaves you a criminal. We already started investigating the potential leads, in certain cases stopping short of informing respective law enforcement agencies. Consider your options and choose to be good and optimistic instead of living in fear