Optimism Loses 20 Million Tokens After Exploiting L1 and L2 Confusion | Cryptocurrency

Although the airdrop was less than two weeks ago, problems have already arisen for the team and market maker of the much-vaunted Layer 2 scaling solution.

The honeymoon period for Optimism’s layer 2 scaling solution has been cut short as an exploit in its market maker’s smart contract resulted in the loss of 20 million OP tokens.

The exploit took place on May 26 but has only just been reported to the community. One million tokens worth around $1.3 million were sold on June 5. Another 1 million tokens worth around $730,000 were transferred to Vitalik Buterin’s Ethereum address on Optimism earlier today at 00:26 UTC. The remaining tokens are dormant at this time but could be sold at any time or used to influence governance decisions.

OP tokens are the native Optimism Layer-2 (L2) token and part of the supply was airdropped to network users on June 1st. L2 solutions help reduce congestion on a layer 1 blockchain such as Ethereum.

A summary of events from the Optimism team on Thursday detailed how the 20 million OP tokens were to be used by crypto market making firm Wintermute. After sending two test transactions, the Optimism team sent the total number of tokens.

However, Wintermute discovered he couldn’t access the tokens because the smart contract he was using to accept the tokens was still on L1 and hadn’t been updated to deploy to Optimism. This technical oversight opened the contract up to an attack in which a bad actor took control of the contract from the L2 themselves.

As soon as Wintermute became aware of the problem, it “began a recovery operation with the goal of deploying the L1 multisig contract to the same address on L2”, but its attempt to remedy the situation was too late.

An attacker was able to deploy the multisig on L2 with different initialization parameters before the fetch operation completed and took control of the 20 million OP tokens.

A multisig contract requires approval from multiple keyholders to execute a transaction.

In a June 9 post to the Optimism community, Wintermute took full responsibility for the exploit. The company said it would make PO buybacks equal to the amount sold by the exploiter to do “its best to mitigate the effects” of price volatility.

Wintermute also offered to accept the incident as a white hat exploit if the hacker agreed to return 19 million tokens within a week. This offer was made before the hacker transferred another million tokens.

Responses to Wintermute’s post mostly applauded the company for being transparent in disclosing the issue and accepting blame for what happened.

In the short term, the Optimism team gave Wintermute an additional grant of 20 million OP “so that they can continue their work as things unfold”. But the team also stressed that these market-making efforts are temporary.

The community should not expect or rely on the Optimism Foundation to support cash supply efforts in the future.

Proof of Decentralization podcast host Chris Blec said the team considered (but rejected) regaining control of the stolen funds by performing a network upgrade. This meant that in his opinion, Optimism (like most DeFi projects with admin keys) is “DANGEROUSLY CENTRALIZED”.

Blec also suggested that the most obvious explanation for the exploits involves the people most closely involved, meaning someone involved in Wintermute may have carried out the attack themselves. He asked, “Why is everyone in this space always so opposed to looking at the most obvious possibilities? There is no evidence at this point to support this theory.

OP investors responded negatively to the update as the price of the token fell 31.2%, trading at $0.76 in the last 24 hours according to CoinGecko.



We want to thank the author of this short article for this amazing material

Optimism Loses 20 Million Tokens After Exploiting L1 and L2 Confusion | Cryptocurrency


Find here our social media profiles , as well as other related pageshttps://metfabtech.com/related-pages/