20 million Optimism tokens sent to nonexistent address, someone else snags them before they can be recovered

As the Ethereum scaling project Optimism worked to create the $OP token, a token they launched in a move towards decentralizing the project's governance, they decided to obtain a loan from a third party, Wintermute, to provide initial liquidity, in exchange for 20 million $OP. However, Wintermute mistakenly provided the wrong multi-sig wallet address to Optimism, and the 20 million tokens were sent to an address that had not yet been created. The teams attempted to deploy the multi-sig wallet address to retrieve the tokens, but another person noticed the blunder and was able to do so first.

Wintermute published a blog post taking responsibility for the error, and announced that they would "proceed to buy OP every time the attacker sells it to make the protocol whole eventually". So far the attacker has sold 1 million $OP for about $1 million USD.

Wintermute wrote that they were "open to see this as a white hat exploit", but if the funds were not returned within a week, they were "100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them and delivering them to the corresponding juridical system".

Remarkably, the attacker returned 17 million of the tokens two days later, keeping 2 million as a "bounty". Wintermute agreed to reimburse the Optimism Foundation for the remaining 2 million $OP.