In Latest Crypto Hack, 20M Tokens Lost as Market Maker Wintermute Takes Blame

Attacker deployed layer-1 multi-signature technology to the layer-2 before the Wintermute recovery team

article-image

Source: Optimism

share

key takeaways

  • A hacker has acquired 20 million Optimism governance tokens intended for a loan
  • The attacker has since transferred or sold about one million tokens — but that’s likely just the start

The airdrop of first-time governance tokens from Ethereum scaling solution Optimism has gone awry in a major way — thanks to a third-party the collective tapped to provide liquidity.

All told, about 20 million Optimism governance tokens (OP) that were loaned to facilitate transactions were lost, with cryptocurrency market maker Wintermute taking responsibility for the lapse.

The loan was initially deployed on Wintermute’s wallets on Optimism, but Wintermute CEO Evgeny Gaevoy said in a statement that “we made a serious error.” 

Here’s what happened: The wallet address Wintermute used to receive the loan was inaccessible, because it relied on Ethereum layer-1 multi-signature technology that had yet to be deployed to Optimism, which runs as a layer-2. A layer-1 is the foundational function of a given blockchain, while layer-2s are built on top, typically to provide new features or liquidity.

A hacker, meanwhile, took advantage of the technological lapse to transfer the 20 million OP tokens from layer-1 to layer-2, even as Wintermute scrambled to recover the in-limbo funds. The attacker, however, had as of publication only liquidated about a million of the stolen tokens. 

Loading Tweet..

“L1 is confusing enough for most people to navigate, and L2 brings a new set of paradigms over key management and safety, even for experienced crypto users and teams,” Gaevoy said. 

“We are not sure why they chose not to liquidate all of it at once,” Gaevoy said. “There is hope that it is a white hat exploit, in which case the remaining funds are potentially recoverable. However we are currently operating under the premise that it is not the case, since we haven’t received any communication from them and our message on the chain was left unanswered.”

The attacker still owns 19 million OP tokens. Wintermute said the company plans to buy back the tokens once the attacker sells, saying the purchase “can potentially create price volatility in the token,” but that the market maker will “make best efforts to smoothen the effect.”

The Optimism Foundation has not chosen to update its network — likely requiring a hard fork — to halt the movement of stolen OP tokens that have not yet been stolen or sold as the foundation believes that “using centralized control to attempt a partial recovery would set a significant precedent.”

Security flaws and the illicit process of attaining cryptoassets have become a common problem for many platforms, and lawmakers are eager to look for solutions.

It comes down to the hallmark phrase, “Not your keys, not your coins,” Ashton Wolfe, the project lead of Crypto Fight Club, told Blockworks.

“Of course, to protect people’s assets, governments will think that continuously hammering down on regulations will fix this solution,” Wolfe said. “Unfortunately, this still hasn’t worked, because it is a very slow process, and users resent uploading private documents to these counter-parties in order to use the platform.”


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Nillion_DeSci_Report_Template.png

Research

Nillion’s Monad Integration is poised to catalyze the next phase of DeSci’s evolution by eliminating key privacy bottlenecks. This synergy allows researchers, institutions, and DAOs to exchange sensitive data and insights securely while managing governance and payments onchain.

article-image

Celebrating the wisdom of a diamond-handed Bitcoin Legend

article-image

With the success of RWAs and stablecoins, DePINs could onboard the next wave of crypto users

article-image

Is crypto straying too far from things of value?

article-image

Firedancer and Solana ETFs look less significant than before

article-image

The newly passed House bill amplifies that strategic pivot for the Trump administration, from attempting austerity to running the economy hot

article-image

Unable to secure further funding, the game cycled through three different blockchains and at least five different game engines since 2018