Hi everyone, wanted to give an update on the ongoing situation and also provide a response to some common questions/reactions I’ve seen last 24 hours.
Update on current situation
Exploiter is currently in possession of 18 million OP tokens out of 20 he had initially.
We’ve repurchased 1 million tokens to offset what they sold.
1 Million OP tokens has been sent to Vitalik and he has been kind enough to return them to Optimism Foundation.
Some tokens have been delegated by the exploiter, but I don’t see this as a material issue at this stage.
Clarifying some questions
Optimism should have done a better job at checking the transactions to Wintermute.
I’d like to reiterate again that this was 100% our fault. Could Optimism have asked us to perform that check? Yes they could in theory. In practice nobody asks for this ever, including when dealing with large transfers. Protocol is always:
Do a test
Wait for confirmation the test was successful
Send the rest
Our process failed there, but it is excessive to ask the Optimism team to do more in this situation. However, it is certainly a learning point for all of us to potentially do these checks in future where the magnitude of the transfer warrants it.
Can you prove that Wintermute bought 1 million tokens?
If OP token has only been available on decentralized exchanges, such proof would have been easy to provide. However, in our capacity as Market Maker, we are trading OP on 5 major centralized exchanges and some smaller ones as well. I am very open to suggestions on how we can demonstrate this, but ultimately , short of doing an independent audit on Wintermute, there is no way for us to prove this.
I can say one thing though. If we endeavor to buy all 20 million tokens right away, we would push the price higher and open ourselves for a possibility of other trading firms front running us. Moreover, we would give the attacker a possibility to cash out at a better price. Current approach where we only buy what the exploiter sells, makes sure that the price impact over the space of more than a few hours is minimal.
Why didn’t we ask for a network upgrade to fix the mistake
This is a two-part question.
First opportunity to do this was when we realized that the funds were inaccessible. As I’ve written in the original post, the initial assessment has been that the funds can only be recovered by us. Safe team recently posted their own assessment, confirming that:
Back then it seemed feasible that given the possibility of recovery it would make sense to proceed without network upgrade and recover funds later.
Second opportunity arose once we realized that the funds had been taken by the exploiter. I’ve seen questions and even governance proposals to fix this by voting. I strongly believe that “fixing” this by governance vote would have been a mistake, despite potentially saving Wintermute money.
What this would have created is a precedent. Precedent to compensate every single mistake on Optimism in future, that would not stop with transfers gone bad. At Wintermute we strongly believe that this is not the right approach, not just for Optimism, but for all other protocols as well, save for catastrofic events endangering protocol survival.
Accepting to recover funds this way would mean that we would have no right to oppose similar actions done in future. It might sound illogical, but this is the way we approach governance – by broadcasting our values and operating principles and striving to abide by them. If our opinion on this matter changes we would communicate it. We don’t think that our values should change based on an amount that we can afford to lose. I’m well aware that the majority of trading firms do not operate this way and would simply vote in line with their commercial interests. We are different.
Why can’t we make an offer to the attacker to purchase the remaining OP for USDC?
There is a simple legal reason – this would constitute an OTC trade and we are required to KYC our counterparties (to make sure we are not dealing with North Korea or a drug kingpin).
There is also a fairness reason – we don’t think the exploiter should get away with it. We would be legalizing his exploit that way and we don’t think that makes sense.
Message to the exploiter
I realize, I was not necessarily clear what we consider fair in this situation. We are prepared to accept to pay a bounty of 10% of the total amount (so in this case an extra 1 million OP tokens on top of what was already cashed out) and consider this a whitehat hack situation and not to pursue you legally. Remaining 17 million tokens should be returned back to Optimism Foundation at the address:
If the funds are not transferred by 12PM noon 11th of June, we’ll start sharing the information we already know with the relevant authorities and will not treat this as whitehat.
We will duplicate this message, broadcasting it to 0x4f3a120E72C76c22ae802D129F599BFDbc31cb81 on optimism network