Bitcoin Memecoin Platform Odin.fun Loses 58.2 BTC in Security Breach

Key Takeaways:

• Odin.fun launchpad suffers $7 million loss in liquidation pool attack. 
• This second attack deepens skepticism about the platform's security.
• Liquidity manipulation and multisig wallet exploits remain common attack methods.

Odin.fun, a Bitcoin-based memecoin launchpad, suffered a rapid and severe loss in its reserves after a suspected security breach. In less than two hours, the platform’s BTC holdings plunged by nearly 20%, dropping from 291 BTC to 232.8 BTC. 

The outflow represents a loss of roughly 58.2 BTC, valued at about $7 million, and has sparked concerns over the safety of user funds on the platform.

Liquidity Manipulation Identified as Cause of Exploit

On August 13, PeckShield Security identified the attack on Odin.fun as a case of liquidity pool manipulation, referencing insights from an @Odin_GodOfRunes community member on X, who goes by the name web3xiaoba.

#PeckShieldAlert An @Odin_GodOfRunes community member reported that 58.2 $BTC (worth ~$7M) were drained from the platform.

– Hackers added liquidity (e.g., via $SATOSHI)
– Artificially inflated the token price
– Removed liquidity to receive BTC returns

Attacker Addresses:
-… pic.twitter.com/igSZZujB1I

— PeckShieldAlert (@PeckShieldAlert) August 13, 2025

The user described how the attackers added tokens, such as SATOSHI, into Odin.fun’s liquidity pools. 

By artificially boosting these token prices, they manipulated the automated market-making system. Once prices were inflated, they withdrew their liquidity and converted their gains into Bitcoin, effectively draining the platform’s reserves.

A few hours after the breach, Odin.fun co-founder Bob Bodily publicly addressed the incident. While he revealed that the team was still assessing the extent of damage, he also admitted that the company's treasury was insufficient to cover all liabilities.

The co-founder attributed the recent mishap to the platform’s automated liquidity market-making tool, a system meant to keep trading balanced, but which, in this case, created a vulnerability. 

Security investigators have traced the liquidity attack on Odin.fun to multiple threat actors, with preliminary evidence pointing to Chinese-affiliated entities as the primary perpetrators. 

Bodily confirmed that while the platform's treasury cannot fully cover the losses, a structured compensation plan was in development for affected users.

Apologies for the delay in responding to today’s event. We know it’s been over 8 hours since the exploit and our silence has likely been frustrating for many of you. We wanted to speak sooner but needed time to verify the facts and take immediate action to protect user funds.…

— Bob Bodily, PhD 👋 | #BTC #ETH #ICP 🧙🏽‍♂️ (@BobBodily) August 13, 2025

In response to the heist, Odin.fun has mobilized an international effort to track down the perpetrators. 

The platform has formally engaged U.S. law enforcement and is working with major off-ramp exchanges like Binance and OKX in a bid to pursue the attacker and recover the funds. Furthermore, both exchanges have initiated contact with Chinese authorities, further confirming the idea that the digital acriminals may be operating within China's borders.

The platform's vulnerability to attacks isn't new. Just four months prio, in April 2025, co-founder Bodily's own account was compromised, leading to unauthorized asset liquidations and forced trading suspensions.  

The fallout saw the platform’s memecoin, ODINDOG, lose about 40% of its value. The damage extended to other tokens hosted on Odin.fun, sparking debate within the community. The current Bitcoin theft has reopened old wounds. 

Once again, the community is split; some commend the swift response, while others are frustrated at what they see as a pattern of recurring security failures.

Is There a Lasting Fix for Repeated Trading Platform Hacks?

Despite the tremendous crypto growth in the last 6 months, the sector remains plagued by security vulnerabilities.

This pattern of exploits reveals how attackers continue to find and exploit security gaps across exchanges and DeFi projects, regardless of their size or technical sophistication.

Earlier this year, Bybit suffered the largest recorded crypto breach when hackers drained around $1.46 billion from its Ethereum wallet. 

ByBit Exchange Hack ($1.4B Transactions) – Security Researcher Explained

1. What the transaction did
2. How it could have (potentially) been prevented
3. How to spot this kind of transaction pic.twitter.com/lecpsGTYN6

— Patrick Collins (@PatrickAlphaC) February 22, 2025

The attackers reportedly used phishing techniques combined with malicious JavaScript injections to disguise their activity as legitimate transactions. While users saw normal transfer confirmations, the funds were quietly diverted to the attackers’ wallets.

Two months later, Indian Bitcoin exchange WazirX was hit with a $235 million crypto breach due to a breach in its multi-signature wallet system. Attackers exploited the multisig mechanism, altering smart contract controls in their favor to bypass key approvals and drain funds.