Optimism loses 20M tokens due to the exploitation of L1 and L2 misunderstanding.
Layer-2 scaling solution’s team and market maker are having issues just a couple of weeks after the airdrop.
Because of a flaw in its market-smart maker’s contract, 20 million OP tokens were stolen during the Optimism layer-2 scaling solution’s honeymoon phase.
The bug was discovered on May 26, but only now has it been made public. On Sunday, one million tokens worth around $1.3 million were sold. In addition, at 12:26 a.m. UTC, 1 million tokens worth around $730,000 were sent to Vitalik Buterin’s Ethereum address on Optimism. The remaining tokens are now inactive, but they might be sold or used to influence governance at any moment.
On June 1, a part of the number of OP tokens, the native token of the Optimism layer 2 (L2) blockchain, was airdropped to network members. Congestion on a layer-1 (L1) blockchain, such as Ethereum, may be relieved by L2 solutions.
On Thursday, the Optimism team released a summary of events that outlined how the Wintermute crypto market-making business planned to utilise the 20 million OP tokens. The Optimism team delivered the whole number of tokens after submitting two test transactions.
On the other hand, Wintermute discovered that the smart contract used to accept tokens were still on L1 and hadn’t been updated to work on Optimism. A bad actor was able to take control of the contract on the L2 as a result of this technological error.
Wintermute attempted to fix the issue as soon as it became aware of it, but it was too late; the L1 multisig contract had already been deployed to the identical address on L2.
Prior to the recovery operation’s completion, an attacker was able to deploy the multisig to L2 with a new initialization setting and therefore gain possession of the 20 million OP tokens. To carry out a transaction under a multisig contract, the consent of several key holders is required.