Menu
Browse

Cyber Threat Actor: Optimism Hacker

Actor Type Location Known Incidents
 Icon
Hacker
United States of America
1 incident
Profile

The threat actor known as the Optimism Hacker operates under that alias and has been publicly associated with the United States of America as their known location. No additional aliases or affiliations have been disclosed in open sources. The actor’s identity remains tied primarily to the single incident that brought them to public attention.

The actor’s activity has been observed targeting decentralized finance platforms, specifically the Optimism blockchain and its associated liquidity providers. In the reported incident, the actor exploited a flawed transaction involving the liquidity provider Wintermute to obtain a large quantity of OP tokens. The method relied on manipulating a transaction process rather than deploying malware or using conventional initial access vectors such as phishing or exploit kits. No specific malware families, toolkits, or intrusion frameworks have been referenced in connection with this actor’s operations.

Attribution to a geographic location is based on the publicly stated location of the United States of America, with no evidence linking the actor to any state‑sponsored group or criminal consortium. The most notable publicly reported operation occurred on June 9 2022, when the actor stole twenty million OP tokens from Optimism, subsequently returning seventeen million, sending one million to Tornado Cash, and retaining two million, which the project later characterized as a bounty. This episode remains the sole documented campaign attributed to the Optimism Hacker in available sources.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources