Optimism loses 20M tokens after L1 and L2 confusion exploited

A desk with a computer on a table Altcoin

Optimism loses 20M tokens after L1 and L2 confusion exploited

Although the airdrop took place less than two weeks ago, problems have already arisen for the vaunted layer-2 scaling solution’s team and market maker.

The honeymoon period for the Optimism layer-2 scaling solution has been cut short, as an exploit in its market maker’s smart contract led to the loss of 20 million OP tokens.

The exploit took place on May 26 but has only just been reported to the community. One million tokens valued at about $1.3 million were sold on Sunday. An additional 1 million tokens valued at about $730,000 were transferred to Vitalik Buterin’s Ethereum address on Optimism earlier today at 12:26 am UTC. The remaining tokens are dormant for now but could be sold at any time or used to sway governance decisions.

OP tokens are the native token for the Optimism layer 2 (L2) blockchain, and a portion of the supply was airdropped to network users on June 1. L2 solutions help alleviate congestion on a layer-1 (L1) blockchain such as Ethereum.

A summary of events from the Optimism team on Thursday detailed how the 20 million OP tokens were intended to be used by the Wintermute crypto market-making firm. After sending two test transactions, the Optimism team sent the full amount of tokens.

However, Wintermute discovered that it could not access the tokens because the smart contract it used to accept the tokens was still on L1 and had not been updated to be deployed on Optimism. This technical oversight opened the contract to an attack, in which a bad actor took control of the contract on the L2 themselves.

As soon as Wintermute became aware of the problem, it “began a recovery operation with the goal to deploy the L1 multisig contract to the same address on L2,” but its attempt to remedy the situation was too late.

Chris Blec, host of the Proof of Decentralization podcast, said the team had considered (but rejected) regaining control of the stolen funds by performing a network upgrade. This meant that, in his view, Optimism (like most decentralized finance projects with admin keys) is “DANGEROUSLY CENTRALIZED.”

Blec also suggested that the most obvious explanation for exploits involves those most closely involved, meaning someone involved with Wintermute may have performed the attack themselves. He asked, “Why is everyone in this space always so opposed to vetting the most obvious possibilities?” There is no evidence at this stage to support this theory.

OP investors have responded negatively to the update, as the token price is down 31.2% trading at $0.76 over the past 24 hours according to CoinGecko.

Rate article
( No ratings yet )