Message to Optimism community from Wintermute

Then, I have one question, why didnt the team deploy a new token contract, stolen token was not live, hence the new one would have invalidated the value of the exploit ? I assume if it leads to delay in airdrop, $20M is worth few hours/day of delay.

Can anyone with more understanding of contract comment on this, was this possible ?

2 Likes

The teams answer to that, is since watermute told them there’s a chance funds were recoverable, they would just continue like nothing happened

1 Like

chuckles, I dont know if this is some kind of joke or not.

I see three option:-

  1. Deploy a new contract once the issue was knows as 20M is quite a significant % of released token supply.
  2. Postpone the airdrop until this is sorted.
  3. Make it public and come clean

and they decided to keep it close. Again, to re-iterate I dont want to involve or even encourage price discussion here. OP is gov token and for me, it has the same value at $0.1 or $1

and I dont buy that wintermute told them its recoverable and they agree with them. With brain force that OP team has, If they did not knew in first few hour if its recoverable or not, no one would.

2 Likes

Post the buy back address here so everyone can easy monitor it.

3 Likes

Transparency is vital. Situation unfortunate. Fingers crossed this works Stay Optimistic!!

3 Likes

Love the firm stance on clawing back the funds.

Appreciative of you [Wintermute] coming to the forum and telling the story from your perspective. Seems to be a complex and impressive attack.

We hope the exploiters see this message and act in their best interest.

3 Likes

please maintain this level of transparency

2 Likes

It’s gonna be ok soon

2 Likes

I worked out a timeline of OP exploit:

Optimism team was notified about the exploited on June 6th. However, it was not disclosed to the public until June 8th. Coincidentally, OP token price topped at 1.3 USD on June 6th. Dropped 20% within a day, and then another 30% the following day. Was there insider trading?

1 Like

I agree, transparency is crucial. some buyback proof would we good.

Totalmente de acuerdo, aumentar la transparencia.

There is no transparency. The mistake was hidden from the public before the token launch. Even after the exploit happened, Optimism team hid this information for additional 2 days while insiders sold OP tokens and caused 40% dump.

I want the community to continue investigation and urge Optimism team to clarify.

(1) Why did it take 2 additional days after the exploit on June 6th to disclose the information?

(2) Was there insiders who, based on information about the exploit not yet available to the public, sold OP tokens before the public announcement on June 8th?

Please find the details in the following post:

2 Likes

Thanks for the transparency.

Can you clarify if this matches your experience?

No shame & not trying to call you out, but I think this is a great learning opportunity. We’re all early and best practices are still developing.

If it’s true that you confirmed two smaller, test transactions before the main one, it suggests an obvious best practice. Always go thru the process of spending / withdrawing assets before greenlighting a major transaction. In this case, that would’ve exposed the issue with much less value at stake. Verifying a test transaction by just viewing it in a block explorer / seeing the account balance go up is insufficient.

2 Likes

Hi everyone, wanted to give an update on the ongoing situation and also provide a response to some common questions/reactions I’ve seen last 24 hours.

Update on current situation

Exploiter is currently in possession of 18 million OP tokens out of 20 he had initially.

We’ve repurchased 1 million tokens to offset what they sold.

1 Million OP tokens has been sent to Vitalik and he has been kind enough to return them to Optimism Foundation.

Some tokens have been delegated by the exploiter, but I don’t see this as a material issue at this stage.

Clarifying some questions

Optimism should have done a better job at checking the transactions to Wintermute.

I’d like to reiterate again that this was 100% our fault. Could Optimism have asked us to perform that check? Yes they could in theory. In practice nobody asks for this ever, including when dealing with large transfers. Protocol is always:
Do a test
Wait for confirmation the test was successful
Send the rest

Our process failed there, but it is excessive to ask the Optimism team to do more in this situation. However, it is certainly a learning point for all of us to potentially do these checks in future where the magnitude of the transfer warrants it.

Can you prove that Wintermute bought 1 million tokens?

If OP token has only been available on decentralized exchanges, such proof would have been easy to provide. However, in our capacity as Market Maker, we are trading OP on 5 major centralized exchanges and some smaller ones as well. I am very open to suggestions on how we can demonstrate this, but ultimately , short of doing an independent audit on Wintermute, there is no way for us to prove this.

I can say one thing though. If we endeavor to buy all 20 million tokens right away, we would push the price higher and open ourselves for a possibility of other trading firms front running us. Moreover, we would give the attacker a possibility to cash out at a better price. Current approach where we only buy what the exploiter sells, makes sure that the price impact over the space of more than a few hours is minimal.

Why didn’t we ask for a network upgrade to fix the mistake

This is a two-part question.

First opportunity to do this was when we realized that the funds were inaccessible. As I’ve written in the original post, the initial assessment has been that the funds can only be recovered by us. Safe team recently posted their own assessment, confirming that:

Back then it seemed feasible that given the possibility of recovery it would make sense to proceed without network upgrade and recover funds later.

Second opportunity arose once we realized that the funds had been taken by the exploiter. I’ve seen questions and even governance proposals to fix this by voting. I strongly believe that “fixing” this by governance vote would have been a mistake, despite potentially saving Wintermute money.

What this would have created is a precedent. Precedent to compensate every single mistake on Optimism in future, that would not stop with transfers gone bad. At Wintermute we strongly believe that this is not the right approach, not just for Optimism, but for all other protocols as well, save for catastrofic events endangering protocol survival.

Accepting to recover funds this way would mean that we would have no right to oppose similar actions done in future. It might sound illogical, but this is the way we approach governance – by broadcasting our values and operating principles and striving to abide by them. If our opinion on this matter changes we would communicate it. We don’t think that our values should change based on an amount that we can afford to lose. I’m well aware that the majority of trading firms do not operate this way and would simply vote in line with their commercial interests. We are different.

Why can’t we make an offer to the attacker to purchase the remaining OP for USDC?

There is a simple legal reason – this would constitute an OTC trade and we are required to KYC our counterparties (to make sure we are not dealing with North Korea or a drug kingpin).

There is also a fairness reason – we don’t think the exploiter should get away with it. We would be legalizing his exploit that way and we don’t think that makes sense.

Message to the exploiter

I realize, I was not necessarily clear what we consider fair in this situation. We are prepared to accept to pay a bounty of 10% of the total amount (so in this case an extra 1 million OP tokens on top of what was already cashed out) and consider this a whitehat hack situation and not to pursue you legally. Remaining 17 million tokens should be returned back to Optimism Foundation at the address:

0x2501c477d0a35545a387aa4a3eee4292a9a8b3f0

If the funds are not transferred by 12PM noon 11th of June, we’ll start sharing the information we already know with the relevant authorities and will not treat this as whitehat.

We will duplicate this message, broadcasting it to 0x4f3a120E72C76c22ae802D129F599BFDbc31cb81 on optimism network

11 Likes

Hello, Vitalik, I believe in you, just want to know your opinion on this. BTW, help to verify the return address and I will return the remaining after you. And hello Wintermute, sorry, I only have 18M and this is what I can return. Stay Optimistic!

Kudos to Azrkhr#1181 on Discord for spotting/sharing.

1 Like

Hackers chose a very sensible channel to solve this! It’s a good thing to pull VB in as an intermediary, but it also shows distrust of optimism and WM, which is not surprising given the appearance of the Oolong incident. I hope that after this incident, Optimism and WM can be more responsible and honest, do a good job in the safety foundation of the project, do a good job in marketing and publicity, and let Optimism return to its correct position!

Thank you for being transparent

2 Likes

Much appreciate the transparency

1 Like

Honesty and transparency are very much appreciated.

1 Like

Great write up and awesome transparency.