KEY POINTS
Odin.fun, a memecoin launchpad and trading platform built on Bitcoin, suffered an exploit on Wednesday, resulting in the loss of 58.2 BTC valued at approximately $7 million. Blockchain security firm PeckShield first reported the drain, which the platform’s co-founder later confirmed was caused by a critical vulnerability in its automated liquidity market-making tool.
The incident has left the project’s treasury unable to cover the full extent of the losses, though the team has pledged to develop a compensation plan for affected users.
Details of the Attack
According to an analysis shared by community members and confirmed by the project, attackers executed a sophisticated liquidity manipulation attack. The exploiters targeted the platform’s automated market maker by adding tokens like SATOSHI to specific liquidity pools, which artificially inflated their prices.
Once the prices were inflated, the attackers withdrew their liquidity, allowing them to receive significantly more Bitcoin in return than they had deposited. On-chain data showed the platform’s bitcoin balance dropping from 291 BTC to just 232.8 BTC in under two hours, demonstrating the rapid nature of the drain.
Odin.fun Confirms Loss, Vows to Compensate Users
In a series of posts on the social media platform X, Odin.fun co-founder Bob Bodily acknowledged the breach and provided details on the team’s response. “We are still assessing the exact amount of BTC lost, but as of right now, our company treasury isn’t big enough to cover the losses,” Bodily stated, adding that “the remaining funds in the platform are safe.”
Bodily attributed the exploit to “various threat actors, mainly tied to Chinese entities,” who took advantage of the identified flaw. He assured the community that the team is working on a “concrete plan” to make affected users whole and would share details as soon as they are finalized.
Law Enforcement and Exchanges Involved
Odin.fun has escalated the incident to U.S. law enforcement and is collaborating with major crypto exchanges OKX and Binance to track the stolen funds. According to Bodily, both exchanges have engaged with Chinese authorities, as the project claims to have “substantial evidence” against the perpetrators, including detailed records of their wallet activities.
The platform is also commissioning a full security audit from an external firm, which is expected to take up to a week to complete. In a direct message to the attackers, Bodily issued a stern warning.
“You have a short window to return the funds before it is too late,” he wrote. “This is not a negotiation. You have one chance to limit the consequences and avoid prosecution. Most of you have already been identified, and we will be sure to dedicate as much time and resources as required to recover what was stolen.”
A Test for Bitcoin’s Emerging DeFi Ecosystem
The exploit at Odin.fun highlights the growing pains and security risks inherent in the nascent DeFi and memecoin ecosystem being built on the Bitcoin network. As the platform works with global partners to pursue the attackers and recover the nearly $7 million in stolen assets, its ability to secure its protocol and restore user trust will be a critical test for its future viability.
