Odin.fun Exploit: Over $7 Million Lost

Odin.fun, a platform for trading Bitcoin-based memecoins, has reported a significant security breach resulting in the loss of 58.2 BTC, roughly valued at $7 million, according to blockchain security experts at PeckShield. The incident was brought to light by a member of the Odin.fun community, who described a liquidity manipulation attack by the hackers involving tokens like SATOSHI, which inflated prices before the attackers withdrew liquidity to pocket Bitcoin profits. This incident caused the platform's Bitcoin deposits to plummet from 291 BTC to 232.8 BTC within two hours. About eight hours post-breach, co-founder Bob Bodily took to X to inform the community that the team was actively assessing the total losses. He stated, "We are still evaluating the exact amount of BTC lost, but our company treasury currently cannot cover these losses. However, the remaining funds are secure." Bodily noted that the attack exploited a serious vulnerability in the platform's automated liquidity market-making tool, and indicated that various threat actors, predominantly associated with Chinese entities, were behind the theft. Furthermore, he assured users that remedial measures are underway, as the team is devising a solid plan to compensate those impacted. "We have ideas, and we’ll provide details once they’re confirmed," he said, also mentioning ongoing communications with a security team for a comprehensive audit that might extend up to a week. Odin.fun has reached out to U.S. law enforcement and partnered with major exchanges OKX and Binance, both of which are liaising with Chinese authorities regarding the breach. Bodily emphasized the availability of concrete evidence against the attackers, including meticulous records of wallet activities. In a stern message directed at the perpetrators, Bodily warned, "You have a limited time to return the funds before it's too late. This isn’t a negotiation; it’s your only chance to mitigate consequences and evade prosecution. Many of you have been identified, and we will expend maximum efforts to recover what was stolen."