20M $OP Tokens lost following a wallet address mistake
With the imminent launch of their token, Optimism, an Ethereum L2 solution, sent 20 million $OP Token as a loan to Wintermute, a leading crypto market maker, for liquidity provisioning services. But as you expect, this operation didn’t go as planned.
In expectation of the $OP token launch, the Optimism foundation sent to a multisig wallet address, provided by Wintermute, 20 million $OP tokens. For this token transfer, Wintermute provided an ETH L1 multisig wallet address while the reception of the tokens was happening on Optimism, the L2 solution.
Since the multisig wallet wasn’t deployed on Optimism, the tokens were inaccessible to the Wintermute team, this prompted the Optimism Foundation to send them 20 million additional $OP tokens, against a collateral of 50 million $USDC, to continue providing their services for the imminent launch.
In the meantime, a hacker was able to deploy the multisig, with different initialization parameters, on Optimism, gaining access to Wintermute’s multisig and its content at the same time.
This hacker sent 1 million $OP tokens to Ethereum co-founder, Vitalik Buterin, and, sold 1 million $OP, which were later routed through Tornado Cash. The multisig wallet still has 18 million $OP Token and Wintermute’s CEO, Evgeny Gaevoy wrote a message to the hacker asking him to return the tokens in a released statement .
While the issue in itself could have been prevented by deploying the multisig on all the chains where the market maker operates. This fix would still require teams to either deploy on all the existing chains or to keep track of all the multisig deployments. With the blockchain landscape growing, this may require special attention from the teams. Nonetheless, this would require human supervision which adds the risk of human errors.
To mitigate this risk, the Stable Unit core team developed Safe Transfer, a free and open source tool which sets a token allowance that the receiving multisig can claim.
By using Safe Transfer, the Optimism Foundation would have been able to set a token allowance of 20 million $OP for the multi-sig wallet provided by Wintermute.
At the moment, Wintermute, noticed the inability to claim the tokens, they would have been able to revoke the token allowance while they deploy their multisig.
In short, the use of Safe Transfer would have avoided the loss of the 20 million $OP tokens. Read more about Safe Transfer by heading to our article dedicated to the tool here. To start using Safe Transfer today, head to safe-transfer.stableunit.org !
