Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Optics Bridge was attacked and ownership of the multi-signature wallet was transferred. cLabs engineer Tim Moreton said that the multi-signature permission of Optics, a cross-chain communication protocol on Celo, was replaced because someone activated the Optics recovery mode (recovery mode) on the Ethereum GovernanceRouter contract, which caused the recovery account to take over the Optics protocol and overwrite it. The original multi-signature permissions. Tim Moreton said that he believes that the funds on the current cross-chain bridge are not risky. Tim Moreton also said that the situation occurred within 15 minutes after cLabs expelled James Prestwich. The team is currently contacting James Prestwich to find a solution. The team is currently working to exit the recovery mode and restore the community's multi-signature governance. James Prestwich responded on Twitter that he had never had the right to activate the recovery mode and expressed regret for cLabs and Celo's damage to his reputation. Attack method (per SlowMist): Multi-signature permission vulnerability. Reported loss: -.
- chain
- ethereum
- protocol
- Optics Bridge
- bug_class
- unknown
- date_occurred
- 2021-11-23
- loss_usd
- —
- source_id
- sm:optics-bridge::2021-11-23