A hacker becomes white hat – Optimism is one of the hottest second-layer solutions toEthereum. Recently, it unveiled its OP governance token, distributed in part to users via an airdrop. At the same time, 20 million tokens originally intended for the Wintermute company were intercepted by a hacker. After negotiation, the latter has just returned part of the stolen funds.
20 million OP tokens stolen from Optimism
On June 1, the second layer solution Optimism has launched its OP governance token. Approximately 210 million tokens were distributed to early adopters of the protocol through an initial airdrop. In addition, Optimism has distributed several million tokens to different protocols and virtuous companies in the ecosystem.
Thereby, 20 million OP tokens have been allocated to the Wintermute enterprise. The latter was to use these tokens to provide a liquidity supply service. Unfortunately, not everything went as planned.
Indeed, Wintermute communicated an Ethereum multisignature address that was not yet deployed on Optimism. Only, an attacker got ahead of the company. He deployed the address before them and managed to pocket the 20 million OP allocation.
In the aftermath, the attacker sold 1 million OP tokens. Subsequently, he sent an additional million to the Optimism address of Ethereum co-founder Vitalik Buterin.
Following this theft, Wintermute teams issued a message to the attacker, asking him to return the funds. They gave him a week’s notice. After this delay, Wintermute announced to intensify the investigation and share their findings with the competent authorities.
>> Do you remain optimistic despite the hacks? Join FTX (affiliate link) <<
The hacker becomes white hat and returns 17 million tokens
It didn’t take long for the hacker to resurface. Indeed, 2 days after the formal notice published by Wintermute, a series of activities were detected on the attacker’s address.
Faced with the threat of legal action, he preferred to take on the role of white hat returning the funds.
Thus, the latter made a total of 17 transactions, for a respective amount of 1 million OP tokens, to the address of Optimism. Therefore, 17 million out of the 20 million initially stolen have been returned.
However, this one has kept 1 million OP tokens in addition to the million sold following the attack. An operation that does not comply with the request of Wintermute, who had offered the attacker to keep the million tokens initially sold and asked him to return 18 million tokens.
However, Wintermute is not in a position to negotiate. Indeed, the CEO of the company had conceded that the error was entirely their fault. It now remains to be seen whether the company will allow this breach of the rule set out in their formal notice to pass, or whether it will be satisfied with the 17 million tokens.
Unsurprisingly, Vitalik Buterin also returned the million OP tokens the striker sent him.
A juicy bug bounty for the striker
In total, the attacker pocketed almost $2 million in OP tokensa very juicy reward acquired at the expense of Wintermute.
In practice, this represents the maximum reward granted by Optimism in its bug bounty program. Indeed, last January, Optimism set up a bug bounty program in partnership with the Immunefi protocol.
The maximum reward for this program is $2 million. It obviously depends on the severity of the fault detected. Obviously, in this case, the attacker did not go through the Immunefi program and recovered the bug bounty at the source, on the funds stolen from Wintermute.
Although this reward may seem colossal, it turns out to be minimal compared to the rewards pocketed by other attackers. Thus, a hacker recently rescued 70,000 ETH and pocketed a $6 million reward for his good deed.
Hackers can also spot flaws in the code in an effort to preserve your funds. Are you reassured? Don’t wait any longer to take action! Join FTX Now, the leading crypto exchange platform. You will benefit from a lifetime reduction on your trading fees (affiliate link, see conditions on official website).