The bug was in Audius community treasury contract.
Exploited steps:
Tx (1): initialize + ProposalSubmitted + Staked.
Attacker called initialize() to modify configurations:
_votingPeriod to 3 blocks,
_executionDelay to 0 block
_guardianAddress
Attacker Wallet: 0x0a0805082ea0fc8bfdcc6218a986efda6704efe5
688 accounts hacked.
Around 214k $OP lost
fillSellOrder issue in Quixotic contract optimistic.etherscan.io/address/0x065e…
If you are in Quixotic, urgent to revoke this address, 0x065e8a87b8f11aed6facf9447abe5e8c5d7502b6
First exploited since block 15012646, transfered 13,100 Ether.
TransactionID: 21106 etherscan.io/tx/0x27981c728…
Confrimed by two wallets. 2 of 5 approval will trigger transaction.
0xf845A7ee8477AD1FB4446651E548901a2635A915
0x812d8622C6F3c45959439e7ede3C580dA06f8f25