Cyber Incident Victim: Optimism Foundation

Date: Jun 2022

Location: United States of America

Summary

A hacker exploited a flawed transaction involving liquidity provider Wintermute to steal 20 million OP tokens from Optimism. After Wintermute's CEO issued a public plea threatening legal action, the attacker returned 17 million tokens, sent one million to Tornado Cash, and retained two million—later acknowledged as a bounty by the project. The victim confirmed recovery of the funds, with Wintermute committing to reimburse the foundation, while the incident highlighted broader security challenges in blockchain operations.

Description

On June 8, 2022, the cryptocurrency project Optimism disclosed a security incident involving the theft of 20 million OP tokens, valued at approximately $16 million. The theft occurred when an attacker exploited a flawed transaction between Optimism and liquidity provider Wintermute. Wintermute CEO Evgeny Gaevoy publicly addressed the hacker via blockchain message, demanding the return of the tokens within one week and threatening to involve law enforcement and disclose the hacker’s identity if they refused. Blockchain records confirmed the unauthorized transfer of tokens to the attacker’s wallet.

The following day, the hacker initiated the return of most stolen tokens. At approximately 6:00 AM UTC on June 9, the hacker sent a message to Ethereum co-founder Vitalik Buterin through the Optimism blockchain, accompanied by a transfer of 1 million OP tokens. The message requested Buterin’s assistance in verifying a return address and stated an intent to return the remaining tokens, while apologizing to Wintermute and noting only 18 million tokens were available for return. Over the next six hours, the hacker transferred 17 million OP tokens in increments of 1 million to a wallet designated by Gaevoy, which belonged to Optimism and held nearly 30% of all OP tokens. The attacker retained 1 million OP tokens beyond the 1 million already sold via Tornado Cash, leaving their final disposition unclear.

Wintermute confirmed the token recovery via Gaevoy’s Twitter post of an upside-down smiley emoji, and Optimism acknowledged receipt while disclosing Wintermute’s commitment to reimbursing the Optimism Foundation. The project classified the unreturned 2 million OP tokens as a bounty. Gaevoy characterized the resolution as instructive for blockchain security practices, emphasizing the need for improved fund transfer protocols and user safeguards. No legal actions or technical vulnerabilities were disclosed in available records.