A Review of the Hack: Did You Lose Control Over Your Layer 2 Address?
A few days ago, Ropsten, Ethereum’s largest testnet, completed its merge, which indicates that the Ethereum mainnet will soon go through the merge. Users and investors are all gearing up for a boom in blockchain technology. In his speech at the ETH Shanghai Web 3.0 Summit held in May, Vitalik Buterin said that after the merge, Ethereum will not see a significant improvement in its TPS, and it will still rely on Danksharding (a sharding solution) and the Rollup-enabled Layer 2 solution to jack up the network’s TPS to 80,000. Vitalik’s recognition of Rollup comes as solid proof that Layer 2 will be a critical part of Ethereum’s scaling solution.
Moreover, Optimism, one of the top four Layer 2 protocols, took the lead and airdropped tokens, which started a new airdrop craze in the crypto market. Following the airdrop, plenty of users started to try out Layer 2 projects such as Arbitrum, zkSync, and Starknet, hoping that they could benefit from the next Layer 2 airdrop.
However, not long after the airdrop, Optimism and the crypto market maker Wintermute said that 20 million OP tokens were stolen by hackers. To be more specific, the Optimism Foundation sent 20 million OP tokens to Wintermute for market making. Yet, Wintermute found that the receiving address that it sent to Optimism was a Layer 1 address, and it could not control the corresponding Layer 2 address. Meanwhile, before Wintermute could deploy the Layer 2 address using different initialization parameters, the hackers launched their attack and emptied the OP tokens in the account.
At this point, some users got worried. Wait, don’t Layer 1 and Layer 2 share the same address? If so, why did Wintermute lose its control over the 20 million OP tokens from Optimism? And how could the hackers get hold of the address?
As we all know, using a Layer 2 project (e.g. Optimism) via a crypto wallet normally involves the following steps:
- Add Optimism to a wallet that supports Layer 2;
- Deposit Ethereum mainchain’s ETH to the Optimism address through Optimism Bridge;
- Start using applications built on Optimism. Users can also withdraw assets through Optimism Bridge at any time.
It is clear from the above steps that when trying out Layer 2 projects, users don’t need to register a new wallet. Instead, they can add the target network to an existing wallet because the wallet account users have on Ethereum can normally be directly used for Layer 2. That said, what went wrong with Wintermute’s account?
For security reasons, Wintermute used a multisig wallet. The crypto wallets that we normally use are singlesig wallets, and we lose control over the wallet once the private key is leaked or forgotten. Multisig wallets, on the other hand, provide enhanced security. For instance, if the 2-of-3 multisig scheme is adopted, then the multisig address will correspond to 3 private keys, and a crypto transfer can be completed as long as 2 of them are offered for signature authorization, which not only prevents a “single point of failure” but also enables the co-management of funds by DAOs or institutional users.
Regular BTC addresses are created by hashing the public key, while multisig addresses are based on a script hash, which is why Bitcoin inherently supports multisig. However, this is not the case with Ethereum, and ETH users rely on smart contracts to enable multisig. The easier technical implementation has made multisig BTC wallets more prevalent to some extent.
As such, there are two types of Ethereum accounts: 1) externally owned accounts controlled by a private key, which are the ones we normally use, and 2) contract accounts controlled by smart contract code, which enable multisig Ethereum wallets.
Let’s go back to Wintermute. After the hack, Kelvin Fichter, an Ethereum developer, tweeted: “Users often assume that any account they can access on Ethereum will also be accessible on other EVM-based chains. For externally owned accounts (aka non-contract accounts), this is generally true. The same does not necessarily apply to smart contract accounts. Contracts can be created at the same address on different chains with completely different code and, as a result, completely different owners.” Because a contract address is determined by the creator address and nonce, hackers can generate an address that’s the same as Wintermute’s L1 address simply by trying different nonces.
Looking back on the hack, we can tell that Wintermute suffered a huge loss due to its own lack of understanding about L2 and multisig wallets. Fortunately, the hackers returned 17 million OP tokens, and the 1 million OP tokens transferred to Vitalik’s address have also been sent back to Optimism. Meanwhile, the hackers did keep 2 million OP tokens as a bounty.
The hack also provides a lesson for all of us. We should all keep our wallets safe. In particular, before receiving crypto on a new public chain or a Layer 2 network, please confirm that you actually control the account there, and do not just assume that this is the case. When using a multisig wallet, we should also learn more about its security properties in advance to avoid unnecessary losses.