Wintermute Postmortem

Wintermute / Optimism OP Token Loss — June 2022

The Incident

The Optimism Foundation lost 20 million OP tokens in an incident involving the market-making firm Wintermute. The crypto market-making firm Wintermute lost roughly $17.6 million worth of OP tokens (peaks ~$27.6m) belonging to the Optimism Foundation due to a severe wallet management error.

What Went Wrong

Wintermute had mistakenly provided Optimism with a multi-signature Ethereum address that it had not yet deployed on the Layer 2 network. Due to the mistake, a hacker was able to deploy the multi-signature Gnosis Safe wallet and take control of the funds before Wintermute could finalize a recovery operation.

The mistake Wintermute made was optimistically assuming that control over the multi-signature wallet on the Ethereum mainnet would also mean control over funds received to the same wallet on other EVM compatible chains, as is typically the case with ordinary wallets.

Recovery

17 million OP tokens were returned to an address belonging to Optimism over the course of 17 transactions. According to a tweet from Optimism, 2 million tokens were retained by the attacker as a bounty.

Additional Sources

• https://www.coindesk.com/tech/2022/06/09/15m-of-optimism-tokens-stolen-by-an-attacker-after-wintermute-sent-wrong-wallet-address

• https://www.coindesk.com/business/2022/06/10/optimism-attacker-returns-17m-stolen-op-tokens

• https://thedefiant.io/optimism-20m-exploit

• https://blockworks.co/news/20m-tokens-lost-as-market-maker-wintermute-takes-blame