“In preparation for the OP token launch, the Optimism Foundation engaged Wintermute for liquidity provisioning services in an effort to facilitate a smoother experience for users acquiring OP to participate in Collective governance. To carry out this engagement, a temporary grant of 20 million OP tokens was allocated to Wintermute from the Foundation’s Partner Fund,” the blog post by Optimism reads.
However, Wintermute mistakenly provided its Ethereum L1 address which hasn’t been deployed yet on Optimism L2, resulting in funds being locked inaccessible on L1. Wintermute team began a recovery operation, but an anonymous hacker was first to deploy a multisig contract with different initialization parameters and took hold of 20m OP tokens. So far, the attacker has sold off one million tokens, with the other 19m vanishing without a trace.
Wintermute acknowledged their mistake and took full responsibility for the loss, pledging to buy back all stolen OPs. At the same time, the team has urged the hacker to return tokens to the Optimism wallet, offering them potential employment. However, if the attacker doesn’t send back the remaining 19m, the company will trace them and deliver them to the corresponding juridical system. “Remember that robbers need to get lucky every time. Cops only have to get lucky once,” Wintermute warned the hacker.