
Inside Two Recent Exploits This Week; Osmosis and Optimism

@xabi

Evening

This has been an interesting week as far as hacks are concerned, though maybe not that interesting for those who lost funds in these exploits. First the Osmosis network was exploited for $5 million, and then news came of Optimism losing $35 million worth of its native OP tokens. Both hacks, however, ended well (to some extent), with the hackers turning out to be white hats and returning the stolen amount, or at least a part of it.


Osmosis

The Osmosis LP exploit was the result of a bug in the liquidity pool that allowed liquidity providers to withdraw 150% of the LP tokens from the LP against their deposit. Some people did it intentionally and some unintentionally. The loss, worth $5 million, forced the Osmosis devs to halt the network in order to stop the bleeding. It was later discovered that a total of four accounts were responsible for stealing 95% of the stolen amount.

Of the four exploiters who got 95% of the drained funds, two came forward voluntarily and have pledged to return $2 million of the stolen funds, whereas the other two hackers remain at large. According to Osmosis, two team members of the Firestake validator got carried away in the moment while testing out the bug and went on to exploit the LP for $2 million. Later, after reflecting on their actions, they came forward, accepted the mistake on their part and pledged to return the stolen funds.


Optimism

The Optimism exploit was a rather dramatic one. It started with Optimism sending 20 million of their DAO's OP tokens to business partner Wintermute. But as it turned out, the receiving address was not configured to receive the L2 OP tokens, leaving the 20 million OP tokens floating and inaccessible. While Optimism and Wintermute were in the process of figuring out how to recover the stranded tokens, an anonymous hacker stepped in and swept away all the tokens.

But luckily for Optimism and Wintermute, the anonymous hacker turned out to be a white hat. Out of the 20 million OP tokens stolen, the hacker kept 2 million OP tokens as a bug bounty, sent 1 million OP tokens to Vitalik as gratitude for his services and returned the remaining 17 million tokens to Wintermute. Optimism and Wintermute are in the process of recovering the 1 million OP tokens from Vitalik.

Both hacks ended with a part of the stolen funds being reimbursed: Osmosis got back 40% of the lost funds and Optimism recovered 90%. Osmosis is still left with a $3 million deficit, but it's better than nothing. Optimism, on the other hand, has been quite lucky, as they got back almost all of their stolen funds courtesy of the hacker's goodwill.

Had the exploiters decided not to return the stolen funds, both parties (Optimism and Osmosis) would have had no choice but to involve law enforcement to trace the hackers' identities in order to recover the stolen funds. But that's a long shot, and the chances of recovery are always thin due to the technical difficulties involved in identifying and tracing crypto-related financial crimes. And even if the hackers were identified and traced, apprehending them is still quite difficult. Osmosis will still seek law enforcement's help to recover the remaining $3 million in stolen funds, but I wouldn't get my hopes up on that.

Posted Using LeoFinance Beta