In preparation for the OP token launch, the Optimism Foundation engaged Wintermute for liquidity provisioning services in an effort to facilitate a smoother experience for users acquiring OP to participate in Collective governance. To carry out this engagement, a temporary grant of 20 million OP tokens was allocated to Wintermute from the Foundation’s Partner Fund.

Wintermute provided an address to receive the borrowed tokens. The Optimism Foundation sent two separate test transactions, and upon Wintermute’s confirmation for each, sent the rest. Unfortunately, Wintermute later discovered they could not access these tokens because they had provided an address for an Ethereum (L1) multisig that they had not yet deployed to Optimism (L2).

Wintermute began a recovery operation with the goal of deploying the L1 multisig contract to the same address on L2. Unfortunately, before the recovery operation was completed, an attacker was able to deploy the multisig to L2 with different initialization parameters and took control of the 20 million OP tokens. This address has since sold 1 million tokens, and can easily sell the rest.

<aside> ❄️ The Wintermute team has committed to buying back the tokens lost. They will monitor the address that holds these lost tokens and buy as the address sells. You can read their announcement here: https://gov.optimism.io/t/message-to-optimism-community-from-wintermute/2595

</aside>

Beyond the steps Wintermute is taking to protect our community and remedy the situation, there are also fundamental lessons that are important to drive home. This is not the first time an error like this has occurred in crypto. L1 is confusing enough for most people to navigate, and L2 brings a new set of paradigms for key management and safety, even for experienced crypto users and teams.

We recommend the following to all teams pursuing a cross-chain strategy:

  1. Do not assume that control of an address on L1 guarantees control of the same address on L2. Take special care with older smart contract wallets that may not take advantage of create2.
  2. Ethereum is a “dark forest” – whatever can be frontrun, will be frontrun. Move quickly on rescue operations, as you never know who is watching the chain.
  3. Multichain introduces new considerations and issues. App developers should think hard about the multichain context and how an app behaves on multiple chains – especially in the context of deterministic deployments, create2, and context-specific behaviors.
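
One way to apply recommendation 1 before funding a contract address on L2, as an added example that is not code from the Optimism Foundation or Wintermute: compare both the code and the controlling owners at the address on each chain. The `FakeChain` interface, `get_owners`, the verdict names, and all addresses and bytecode are constructed assumptions; a real check would wrap the `eth_getCode` JSON-RPC call and the wallet contract's own owner query.

```python
# Added example: pre-transfer check of a recipient address on L1 and L2.
# The chain objects are a hypothetical interface, not a real library API.

def has_code(code_hex):
    """eth_getCode returns "0x" for an address with no contract code."""
    return code_hex not in (None, "", "0x")

class FakeChain:
    """Constructed stand-in for an RPC endpoint (sample data, not real state)."""
    def __init__(self, code=None, owners=None):
        self.code, self.owners = code or {}, owners or {}
    def get_code(self, address):
        return self.code.get(address, "0x")
    def get_owners(self, address):
        return frozenset(self.owners.get(address, ()))

def assess_recipient(address, l1, l2):
    """Return a verdict for sending funds to `address` on L2."""
    l1_code, l2_code = l1.get_code(address), l2.get_code(address)
    if not has_code(l1_code) and not has_code(l2_code):
        return "NO_CODE_ON_EITHER_CHAIN"    # key-controlled account, or nothing deployed yet
    if has_code(l1_code) and not has_code(l2_code):
        return "BLOCK_CONTRACT_ON_L1_ONLY"  # the situation described in this post
    if not has_code(l1_code):
        return "REVIEW_CONTRACT_ON_L2_ONLY"
    if l1_code.lower() != l2_code.lower():
        return "BLOCK_CODE_MISMATCH"
    # Identical bytecode is not enough: a wallet deployed with different
    # initialization parameters has the same code but different controllers.
    if l1.get_owners(address) != l2.get_owners(address):
        return "BLOCK_OWNER_MISMATCH"
    return "OK_SAME_CONTRACT_SAME_OWNERS"

# Constructed sample data (placeholders, not real addresses or bytecode).
WALLET = "0x" + "11" * 20
CODE = "0x6080604052"
OWNERS = ["0x" + "aa" * 20, "0x" + "bb" * 20]
L1 = FakeChain({WALLET: CODE}, {WALLET: OWNERS})
L2_EMPTY = FakeChain()
L2_OTHER = FakeChain({WALLET: CODE}, {WALLET: ["0x" + "cc" * 20]})
L2_SAME = FakeChain({WALLET: CODE}, {WALLET: OWNERS})

if __name__ == "__main__":
    for name, l2 in [("undeployed", L2_EMPTY), ("other owners", L2_OTHER), ("same", L2_SAME)]:
        print(name, "->", assess_recipient(WALLET, L1, l2))
```

A token transfer to an address succeeds whether or not anyone controls it on that chain, so a confirmed test transaction does not replace this check.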

Additional Liquidity Provisioning

The Optimism Foundation has made a second short-term grant of 20 million OP to Wintermute so that they can continue with their work as things unfold. This engagement is temporary in nature. The community should not expect or rely on the Optimism Foundation to support liquidity provisioning efforts in the future.

Impact on Governance

We are keeping an eye on the address. So far there has been no impact on governance. If this changes, we will engage in targeted community discussion at that time, with the benefit of a more comprehensive set of facts.

It should be noted that in principle, a network upgrade could be carried out to halt the movement of stolen OP tokens which have not already been transferred or sold. We elected not to take such steps at this time; ultimately, the Optimism Foundation is not a custodian of these funds, and we believe that using centralized control to attempt a partial recovery would set a significant precedent.

Eyes wide open

The Wintermute team is world class, and incidents like this are the growing pains of an evolving industry. We are grateful for their incredible partnership in doing their part to make the community whole.

This is a reminder to everyone dealing with contracts across different chains that the security assumptions of a particular address or contract on one chain do not necessarily carry over to another chain, even in the case of two EVM-equivalent chains.

At this time, a majority of the stolen OP funds have not been moved, and both the Optimism and Wintermute teams are monitoring the situation. While this is an ongoing situation and information will likely evolve, we wanted to share this overview with the community now in the spirit of transparency and openness that Optimism is committed to.

Much love to Wintermute for their incredible partnership and leadership in this mitigation, and much love to our community.