Summary:

We wanted to take a moment to address the recent incident that resulted in the loss of 20M Optimism tokens.

To be clear, this situation did not originate from any vulnerability in Optimism or Gnosis Safe. It was made possible by funds being sent to a Safe address on the wrong network (user error).

A third-party was able to take control of this address because of two facts:

  1. Old versions of Gnosis Safe make security assumptions that were introduced before multi-chain was a reality.
  2. The Optimism and Wintermute teams performed a small test transaction, but did not confirm that they actually had control of the account before sending over the full amount.

This situation highlights the complexities of living in a multi-chain world and the need to introduce better standards to protect users wherever possible.

Technical Background

To follow this incident it is important to understand that a Gnosis Safe account (multi-sig) is a smart contract-based account that is deployed on a specific blockchain network.

While Gnosis Safe supports several different networks, a specific Safe is only deployed on one of them at a time. The web interface makes this explicit: the current network is shown at all times, together with a reminder to only send assets on that specific network. In 2021 we additionally introduced EIP-3770 chain-specific addresses, which encode the network a Safe lives on as a prefix of the address itself (see the "oeth:..." prefix in the screenshot below).

[Screenshot taken 2022-06-09: Safe web interface showing the network and the chain-prefixed address]
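The two checks that the "wrong network" problem and the test-transaction point in the summary call for, as an added example that is not code from Gnosis Safe: parse an EIP-3770 address, refuse to send if its chain prefix does not match the network the transfer goes out on, and refuse if the recipient has no contract code on that network, because a Safe that is not deployed there cannot move anything that arrives. The short-name table is an assumed subset of the public chain registry, and get_code is an offline stand-in for an eth_getCode call against a node of the target chain; the sample Safe address and its "bytecode" are constructed.

```python
import re

# Chain short names as registered in ethereum-lists/chains (an assumed subset
# for this example; the real table is much larger).
SHORT_NAME_TO_CHAIN_ID = {"eth": 1, "oeth": 10, "gno": 100}

# EIP-3770 format: optional "<shortName>:" prefix followed by a 0x address.
ADDRESS_RE = re.compile(r"^(?:(?P<short>[a-z0-9-]+):)?(?P<addr>0x[0-9a-fA-F]{40})$")


def parse_eip3770(text):
    """Return (chain_id or None, lowercase address) for an EIP-3770 string.

    chain_id is None when the string is a bare 0x address, i.e. it does not
    say which network the account lives on.
    """
    match = ADDRESS_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not an address: {text!r}")
    short = match.group("short")
    if short is None:
        return None, match.group("addr").lower()
    if short not in SHORT_NAME_TO_CHAIN_ID:
        raise ValueError(f"unknown chain short name: {short!r}")
    return SHORT_NAME_TO_CHAIN_ID[short], match.group("addr").lower()


def preflight(recipient, target_chain_id, get_code):
    """Checks to run before sending assets to `recipient` on `target_chain_id`.

    get_code(chain_id, address) -> bytes stands in for an eth_getCode RPC call
    against a node of that chain. Returns (ok, reason).
    """
    chain_id, address = parse_eip3770(recipient)
    if chain_id is None:
        return False, "no chain prefix: ask the counterparty for an EIP-3770 address"
    if chain_id != target_chain_id:
        return False, (f"address is prefixed for chain {chain_id} but the transfer "
                       f"is on chain {target_chain_id}")
    if get_code(target_chain_id, address) == b"":
        # A Safe is a contract: no code means the Safe does not exist on this
        # chain, so nobody can move funds sent here even if they arrive.
        return False, "no contract code at the recipient on the target chain"
    return True, "recipient is a deployed contract on the target chain"


# Constructed sample state: a Safe that exists on Mainnet (chain 1) only.
SAMPLE_SAFE = "0x1111111111111111111111111111111111111111"
SAMPLE_CODE = {(1, SAMPLE_SAFE): b"\x60\x80\x60\x40"}  # placeholder bytecode


def sample_get_code(chain_id, address):
    """Offline stand-in for eth_getCode over the constructed state above."""
    return SAMPLE_CODE.get((chain_id, address.lower()), b"")


if __name__ == "__main__":
    for recipient, chain in [("eth:" + SAMPLE_SAFE, 1),
                             ("eth:" + SAMPLE_SAFE, 10),
                             ("oeth:" + SAMPLE_SAFE, 10),
                             (SAMPLE_SAFE, 10)]:
        print(recipient, chain, preflight(recipient, chain, sample_get_code))
```

The code check is necessary but not sufficient: code at the address proves a contract exists there, not that the counterparty controls it. The confirmation the second point of the summary asks for is a round trip, i.e. the counterparty moves the test amount back out of the address on the same network before the full amount is sent.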

What happened?

Optimism transferred 20M OP tokens on the Optimism network to an address provided by Wintermute, not knowing that this address was a Gnosis Safe deployed on Mainnet only. A test transaction was made before the full amount was transferred, but the fact that the test tokens arrived at the intended address did not mean that Wintermute controlled that address on Optimism: no Safe contract existed there, so nobody could move the funds. As a result, 20M OP tokens were sent to an address that neither the Optimism nor the Wintermute team had access to.

[Screenshot taken 2022-06-09: the 20M OP transfer on Optimism]

Initial investigations led to the conclusion that the funds were not lost but could be recovered by also deploying the old v1.1.1 Safe contract to the same address on Optimism. The assumption was that only Wintermute would eventually be able to do so and recover the funds. This assumption was incorrect: Optimism did not enforce EIP-155 replay protection, so a transaction signed for Mainnet without a chain ID was also valid on Optimism and could be replayed there by anyone, not only by Wintermute. This led to the loss of the 20M OP.
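To make the EIP-155 point concrete, here is an added example that is not code from Gnosis Safe or Optimism. It builds the bytes a legacy transaction signature covers with and without EIP-155, and decodes the v value of a signature to see which chain, if any, it is bound to. The transaction fields are constructed; secp256k1 signing itself is left out, since only the signed payload and the v encoding matter for the replay question.

```python
def rlp_encode(item):
    """Minimal RLP encoder for ints, bytes and (nested) lists."""
    if isinstance(item, int):
        item = b"" if item == 0 else item.to_bytes((item.bit_length() + 7) // 8, "big")
    if isinstance(item, (bytes, bytearray)):
        if len(item) == 1 and item[0] < 0x80:
            return bytes(item)
        return _length_prefix(len(item), 0x80) + bytes(item)
    if isinstance(item, list):
        body = b"".join(rlp_encode(x) for x in item)
        return _length_prefix(len(body), 0xC0) + body
    raise TypeError(f"cannot RLP-encode {type(item).__name__}")


def _length_prefix(length, offset):
    if length < 56:
        return bytes([offset + length])
    length_bytes = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(length_bytes)]) + length_bytes


def signing_payload(tx, chain_id=None):
    """RLP bytes whose keccak256 hash a legacy transaction signature covers.

    chain_id=None reproduces the pre-EIP-155 payload: nothing in it names a
    network, so a signature over it verifies on every chain that still
    accepts such transactions.
    """
    fields = [tx["nonce"], tx["gasPrice"], tx["gas"], tx["to"], tx["value"], tx["data"]]
    if chain_id is not None:
        fields += [chain_id, 0, 0]  # EIP-155: the chain ID becomes part of what is signed
    return rlp_encode(fields)


def bound_chain_id(v):
    """Chain ID that a legacy signature's v value commits to (None = unbound)."""
    if v in (27, 28):
        return None  # pre-EIP-155 signature
    if v >= 35:
        return (v - 35) // 2  # EIP-155: v = chain_id * 2 + 35 + recovery_id
    raise ValueError(f"invalid v: {v}")


def accepted_on(v, chain_id, enforces_eip155):
    """Would a node of `chain_id` accept an already-signed tx with this v?"""
    bound = bound_chain_id(v)
    if bound is None:
        # The signature names no chain; only a node that rejects unprotected
        # transactions (one that enforces EIP-155) will refuse it.
        return not enforces_eip155
    return bound == chain_id


# Constructed sample: a contract-creation transaction (to = empty, data = init code).
SAMPLE_TX = {"nonce": 0, "gasPrice": 20_000_000_000, "gas": 1_000_000,
             "to": b"", "value": 0, "data": b"\x60\x80\x60\x40"}

if __name__ == "__main__":
    print("legacy payload  :", signing_payload(SAMPLE_TX).hex())
    print("mainnet payload :", signing_payload(SAMPLE_TX, 1).hex())
    print("optimism payload:", signing_payload(SAMPLE_TX, 10).hex())
    for v in (27, 37, 55):
        print(f"v={v}: bound to chain {bound_chain_id(v)}; accepted on chain 10 "
              f"without EIP-155 enforcement: {accepted_on(v, 10, False)}, "
              f"with enforcement: {accepted_on(v, 10, True)}")
```

A signature with v of 27 or 28 covers a payload that names no chain, so a node that does not enforce EIP-155 accepts the Mainnet transaction unchanged, and anyone holding the public, already-signed transaction can submit it. Because the replayed transaction carries the same sender and nonce, a replayed contract creation lands at the same address as on Mainnet, which is why deploying "the same" contract at the Safe's address on Optimism was not something only Wintermute could do.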