Optimism Attacker Returns 17M Stolen OP Tokens

The attacker was rewarded with 2 million of the tokens as a bounty.

AccessTimeIconJun 10, 2022 at 3:26 p.m. UTC
Updated Apr 10, 2024 at 2:16 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

The attacker behind the recent theft of 20 million Optimism (OP) tokens returned 17 million of them on Friday. The funds were returned to an address belonging to Optimism, the Ethereum rollup provider, over the course of 17 transactions.

"We see today’s news as a very positive development," Wintermute founder and CEO Evgeny Gaevoy told CoinDesk. "The Optimism foundation has been made whole and can focus on building and growing the ecosystem. The person who discovered the exploit chose to wear a white hat, setting a good precedent for the whole crypto community."

According to a tweet from Optimism, 2 million tokens were retained by the attacker as a bounty.

Before returning the tokens, the attacker sent an on-chain message to Ethereum co-founder Vitalik Buterin stating their willingness to return the full 18 million OP in their possession.

“Hello, Vitalik, I believe in you, just want to know your opinion on this. BTW, help to verify the return address and I will return the remaining after you.
And hello Wintermute, sorry, I only have 18M and this is what I can return.
Stay Optimistic!”

Previously, the attacker cashed out 1 million OP and sent an additional 1 million to Buterin, who is working to return the funds according to Optimism. At press time, 1 million tokens, worth close to $900,000, remained in the attacker’s wallet, blockchain data shows.

Optimism is a layer 2 rollup chain for Ethereum that helps scale the network with its quick transactions and low fees. It launched the OP governance token last month in a bid to shift towards greater community control.

The attacker managed to get a hold of OP tokens that were supposed to go to Wintermute, a crypto market maker that partnered with Optimism for “liquidity provisioning services” in the run-up to the token’s introduction. Trouble came when Wintermute mistakenly provided Optimism with an Ethereum address, rather than an Optimism address, to receive the loaned-out funds.

Before Wintermute could retrieve the funds, the attacker set up their own wallet at the address where Optimism sent the 20 million tokens.

In a statement released two days ago, Wintermute said it would not pursue legal action against the attacker if the funds were returned within a week.

"Wintermute, while having to accept the bounty as a loss, can now fully focus on providing liquidity for the OP token," Gaevoy told CoinDesk on Friday. "We are incredibly grateful to Optimism team for constructively working with us during this crisis and are excited about a number of future initiatives we are looking to do to support Optimism ecosystem."


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Sam Kessler

Sam is CoinDesk's deputy managing editor for tech and protocols. He reports on decentralized technology, infrastructure and governance. He owns ETH and BTC.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about