📢Hypr's OP Stack Bridge experienced an exploit on Dec 12th, 2023. This postmortem details the incident.
Post Here:
hypr.network/articles/incide…
TLDR;
⚡️Hypr’s OP Stack Bridge experienced an exploit. This does not affect $hypr holders.
⚡️2 users were affected, with a total of 2.57M Hypr drained and sold in the open market, creating a massive decline in price.
⚡️Hypr used the most recent version of the develop branch of the OP monorepo at the time of deployment. Unbeknownst to us, this was not a production-ready branch and at the time contained a critical vulnerability which had yet to be patched.
SEQUENCE OF EVENTS
7:48 PM PST: We received an alert that something unusual was happening on the Hypr Bridge. This event was followed by massive selling and price dropping.
8:09 PM PST: We tweeted an announcement, informing users not to use the bridge. At the same time, we shut off access to the bridge so no users could use it.
8:31 PM PST: All hands on deck to confirm what was happening. We determined that our bridge was exploited and the 2.57M Hypr that was bridged by 2 users was being drained and then sold in the open market, causing price to massively drop.
9:12 PM PST: We opened up a war room chat with @samczsun, other security researchers, the Optimism team, and our developers. We quickly identified the root cause.
THANK YOU
We want to personally thank @samczsun, @SlowMist_Team, @BlockSecTeam, OP Labs, and others that helped us in the war room to get to root cause. We also want to thank the Hypr community for your patience the last several very difficult hours. Thank you.
NEXT STEPS
We are working with the OP Labs team to get the most production-ready and safe branch for the bridge. We will put that bridge under heavy testing, auditing, and want to have confidence that users are 100% safe.