Message to Optimism community from Wintermute

Hi Optimism Community. On behalf of Wintermute I wanted to explain the recent events surrounding wallet 0x4f3a120E72C76c22ae802D129F599BFDbc31cb81. I’ll aim to be as factual as possible, focusing on full transparency and making sure every Optimism stakeholder is on the same page with the current situation as well as making it clear what our actions are going forward.

Timeline of events

Two weeks ago, Wintermute was engaged by the Optimism Foundation to provide liquidity in the OP token upon its listing on centralized exchanges. As part of the agreement Wintermute received a 20 million loan in OP.

Initially the loan was to be deployed on one of Wintermute’s wallets on Optimism. As we communicated the wallet address to the Optimism team, we made a serious error. We had a Gnosis Safe deployed on mainnet for a while and, due to an internal mistake, we communicated the very same wallet as the receiving address. As some of you may know, this is not a smart thing to do - having control over a mainnet Safe doesn’t guarantee control on other EVM-compatible chains (unlike ordinary wallets).

We notified the Optimism team on the 30th of May. Since the launch next day was a clear priority we agreed on receiving additional 20 million tokens (providing $50 million USDC as collateral), all while exploring ways to retrieve the funds. At the same time we got in contact with the Gnosis Safe team, asking them for assistance with retrieving the funds. After consulting with the Optimism and Safe teams, Wintermute made the assessment that the funds were potentially retrievable, and that nobody other than Wintermute could recover those funds. The assessment was also that it was a high risk retrieval that could only be attempted once and required Safe to support. Retrieval was scheduled for 7th of June. However, the assumption that the funds can only be recoverable by Wintermute proved to be false.

Exploit

Somebody has done their homework well, however. Less than 24 hours after we notified Safe and Optimism about the situation, wallet 0x8BcFe4f1358E50A1db10025D731C8b3b17f04DBB was funded via a Tornado Cash transfer. It proceeded with performing a replay attack by replaying the Gnosis Safe MasterCopy 1.1.1 deployment from Eth mainnet. They then used the previously deployed contract 0xE7145dd6287AE53326347f3A6694fCf2954bcD8A to deploy vaults in batches of 162. The hacker then proceeded with selling 1m OP tokens for ETH and withdrew back to L1 via the Synapse and Hop bridges to then use Tornado Cash on mainnet.

What we are planning to do about it

As of the time of this writing, the attacker still has 19 million OP tokens in their possession. We are not sure why they chose not to liquidate all of it at once. There is hope that it is a whitehat exploit, in which case the remaining funds are potentially recoverable. However we are currently operating under the premise that it is not the case, since we haven’t received any communication from them and our message on the chain was left unanswered.

We want to make one thing clear - the initial error is 100% Wintermute’s fault and as such we will proceed to buy OP every time the attacker sells it to make the protocol whole eventually (we did initiate buying the first million OP tokens yesterday already). We understand that it can potentially create price volatility in the token and will make best efforts to smoothen the effect.

Message to the exploiter

We expect the exploiter to read this as well (eventually). This is our message to you:

We are open to see this as a white hat exploit. Moreover, the way the attack has been performed has been rather impressive and we can even consider consulting opportunities or other forms of cooperation in future. We are also content with the scenario where the remaining 19 million tokens are returned to Optimism wallet:

0x2501c477d0a35545a387aa4a3eee4292a9a8b3f0

You have one week to consider being a whitehat. In case the above doesn’t happen, we are 100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them and delivering them to the corresponding juridical system. Remember that robbers need to get lucky every time. Cops only have to get lucky once. This is not a “code is law” theoretical argument. This is you taking a bag with cash that was left behind by a (careless) person. Us being careless still leaves you a criminal. We already started investigating the potential leads, in certain cases stopping short of informing respective law enforcement agencies. Consider your options and choose to be good and optimistic instead of living in fear :upside_down_face:

74 Likes
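Added example, not part of the original post and not code from Wintermute, Optimism or Safe: a pre-transfer check for the failure the post describes, where an address that is a contract wallet on one chain is handed over as a receiving address on another. It compares `eth_getCode` results on both chains; the RPC URLs, the bytecode, the second address and the result labels are constructed or hypothetical.

```python
import json
from urllib.request import Request, urlopen

def http_transport(url, body):
    """POST one JSON-RPC request to a node and return the decoded reply."""
    req = Request(url, data=json.dumps(body).encode(),
                  headers={"Content-Type": "application/json"})
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)

def get_code(rpc_url, address, transport=http_transport):
    """Runtime bytecode at `address` (b'' when none) via eth_getCode."""
    reply = transport(rpc_url, {"jsonrpc": "2.0", "id": 1, "method": "eth_getCode",
                                "params": [address, "latest"]})
    if "error" in reply:
        raise RuntimeError(f"{rpc_url}: {reply['error']}")
    return bytes.fromhex(reply["result"][2:])

def preflight(address, source_rpc, dest_rpc, transport=http_transport):
    """Classify `address`, known from the source chain, before funding it on dest."""
    src = get_code(source_rpc, address, transport)
    dst = get_code(dest_rpc, address, transport)
    if not src and not dst:
        return "NO_CODE"               # not a contract on either chain (ordinary account)
    if src and not dst:
        return "BLOCK_NOT_DEPLOYED"    # contract wallet exists only on the source chain
    if src != dst:
        return "BLOCK_DIFFERENT_CODE"  # a different contract sits at this address on dest
    return "REVIEW_OWNERS"             # same code, but owners live in per-chain storage

# Constructed sample data: hypothetical RPC URLs and placeholder bytecode.
MAINNET, OPTIMISM = "https://mainnet.example/rpc", "https://optimism.example/rpc"
SAFE = "0x4f3a120E72C76c22ae802D129F599BFDbc31cb81"  # address quoted in the post
EOA = "0x" + "11" * 20                                # constructed address
FAKE_CODE = {(MAINNET, SAFE): "0x6080604052"}         # constructed bytecode

def fake_transport(url, body):
    """Offline stand-in for a node: answers eth_getCode from FAKE_CODE."""
    addr = body["params"][0]
    return {"jsonrpc": "2.0", "id": body["id"],
            "result": FAKE_CODE.get((url, addr), "0x")}

if __name__ == "__main__":
    for name, addr in (("safe", SAFE), ("eoa", EOA)):
        print(name, preflight(addr, MAINNET, OPTIMISM, fake_transport))
```

Even a `REVIEW_OWNERS` result is not a green light: identical code on both chains says nothing about who the owners are on the destination chain, so that has to be confirmed separately before funds are sent.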

Thanks @wishful_cynic for the transparency and accountability, we appreciate it.

11 Likes

Thank you for the transparency, for accepting responsibility, and for the buyback commitment.

Wishing your team the best with the recovery.

6 Likes

Thank you for being transparent.

Good luck.

7 Likes

Kudos for taking the responsibility and for being transparent.

7 Likes

Great insider job. No way any hacker would know this issue and take advantage of it. unless…insider informs the hacker to do it.

2 Likes

FireEyes appreciates the accountability and commitment @wishful_cynic & Wintermute have taken here - Although these events are clearly a serious oversight, taking the steps outlined above will make the community whole again.

6 Likes

Multiple people found the mint contract before the front-end went live allowing them to claim their OP early as the contract wasn’t paused initially. If they could find the contract, someone could doubtlessly find 20M $OP sitting at an unclaimed address on Optimism L2.

Wintermute has acknowledged the error, taken responsibility, and promised to take the actions needed to make the community whole. Far more than what we would get outside crypto space. So, kindly go away with your insults and deal with your disappointment + frustration healthily next time.

6 Likes

Wintermute team,

Please see this proposal -

https://gov.optimism.io/t/questions-on-wintermutes-mistake-and-wintermute-are-you-ready-to-make-an-offer-offer-to-the-attacker-they-send-you-19m-op-you-send-them-usdc-problem-solved/2601/2

Your inputs are appreciated. Thank you.

2 Likes

Have you made a bug bounty offer to the hacker to see if they would return the funds? How will the employee who made the error be reprimanded?

1 Like

Your transparency is appreciated.

Wow…Thank you for making such a major commitment for Optimism
Good luck

4 Likes

He never saw Molly again.

It’s way easier than you think, but when a new anything launches there are people looking to understand it for the primary purpose of exploiting it.

1 Like

No one is a criminal, Wintermute are the only one to blame.

They told Optimism to send the funds to an address they didn’t own, this is ridiculous

3 Likes

Hope Optimism will be pass this situation strong community and developer.
Code bless you.

Thank you for the transparency. I really hope the owner will act as a white hat and both parties settle this problem quickly in the interest of both.

In any case, this is a persistent debt on the part of the Wintermute company. Is there any ongoing agreement to guarantee that even after the years and the market stage, Wintermute will meet its obligations? For example by providing more additional collateral to the Optimism Foundation for this purpose.

If there is information in this regard that can be shared, to continue with transparency in procedures, it would be appreciated.

(In the same way we expect the governance&community can follow more closely this type of agreements in the future [for provision of liquidity and similar] to ensure that everything is OK if possible).

7 Likes

Thank you for being transparent.

3 Likes

Thank you for the transparency.

2 Likes

Optimism is not just in name but also in deeds. Thanks a lot. Go ahead.

2 Likes

Instead of having us trust that you will buyback the stolen tokens, will you be exploring ways to uphold this promise using smart contracts instead?

3 Likes

Why is everyone thanking these guys!? This should have been mentioned to the community way before this and this is not how transparency works. As the community is very disappointed in the teams and how things were handled up to this point. Market makers dumping the price in order to buy back (the reality of what is happening so far) is not a great thing for a project. Optimism was a great concept and we had high hopes for this; the community have now lost the trust. Now there will be plenty of guys from both teams coming here and slamming this message saying this and that. Go for it! - Reality is the teams should have been transparent before this! They should have communicated this within 48 hrs max. Those who knew already cashed out of the air drop and now talking about getting the next one. Unbelievable! Keep in mind the market makers are not here on goodwill. They will make their money one way or another. This is just wrong on so many levels.

13 Likes