Vitalik Buterin Was Surprised, Optimism Hacker Sends Him 1 Million OP Tokens

On Wednesday (8) hacker attack resulted in the theft of 20 million OP tokens from Optimism, a layer 2 solution for ETH.

According to reports, the hacker took advantage of a flaw in a market maker called Wintermute and managed to get hold of the tokens.

Hacker Sends 1 Million OP Tokens to Vitalik Buterin

The community believed that the hacker would either sell all the tokens or use them to interfere with Optimism’s governance. However, something more surprising than that happened. The hacker sent around 1 million OP tokens to the wallet of Vitalik Buterin, co-founder of Ethereum.

The information was revealed by blockchain security firm PeckShield. According to Etherscan data, the transfer took place at 00:26 UTC. At that time, the attacker sent tokens worth around $874,000 to Buterin.

#PeckShieldAlert ~1m $OP transfered to @VitalikButerin from Wintermute/OP exploiters https://t.co/U1c2MyeObE pic.twitter.com/wdLOd0XveC

— PeckShieldAlert (@PeckShieldAlert) June 9, 2022

Furthermore, the hacker also delegated voting rights for the 1 million tokens sent to ETH Foundation security researcher Yoav Weiss.

In his defense, Weiss said he was not the hacker. But he suggested that the attacker might be a whitehat hacker. That is, a “good” hacker, who identifies vulnerabilities in protocols.

And the plot thickens. As I was writing this explainer, the attacker delegated the 1M OP voting power to *me*: https://t.co/75VPmS91J5

Thank you for delegating 🙂

Hint: no, I'm not the attacker and I don't know who is. But now guessing it's a whitehat.

— yoav.eth (@yoavw) June 9, 2022

About the attack

It all started when the Optimism Foundation, the company responsible for the OP token, left the 20 million tokens in wallets within the Wintermute protocol.

It should be clarified that despite being a second layer of the ETH (ETH) network, Optimism has its own wallet addresses. That is, whoever wants to send or receive OP tokens needs to be connected to the second layer of ETH.

And that was precisely the mistake made by Wintermute, who sent the address wrongly. Instead of sending them on Layer 2 (Optimism), the address was initialized only on Layer 1 (ETH).

In other words, Wintermute sent an incompatible address to receive the OP tokens. And, naturally, the transaction failed.

However, instead of the funds being lost, a hacker was able to take advantage of the flaw and initialize the wallet, taking possession of the tokens.

As a result of the glitch and the hacking attack, the price of the OP token plummeted from around $1 to a bottom of $0.72. Therefore, a drop of almost 30% in a few hours.