Bitcoin-based meme coin launchpad Odin.fun has lost approximately 58.2 BTC, worth roughly $7 million, through a liquidity exploit, according to blockchain security firm PeckShield.
The attack occurred through what’s often called a “liquidity manipulation” attack. They're triggered when a bad actor moves large amounts of crypto or cash in a way that impairs trading on the platform. Odin.fun has currently paused its operations.
Bob Bodily, the project’s co-founder and CEO, confirmed in a post on X that the company’s treasury isn’t big enough to cover the losses, but said that the remaining funds stored in the platform are safe.
The company says it has already engaged an unnamed third-party security team to perform a full audit of its code, which could take “up to a week.” Once complete, Odin.fun will reportedly resume operations.
The true identity of the perpetrators is not known, but the founder points to several malicious users, “primarily linked to groups in China,” adding that its partners OKX and Binance are already communicating with Chinese authorities regarding the incident.
Odin.fun launched in January 2025 to allow users to trade Bitcoin Runes, a type of fungible Bitcoin-based token broadly comparable to BRC-20 tokens. Created by Casey Rodarmor in April 2024, also the creator of Bitcoin Ordinals, Bitcoin Runes allow people to create meme coin projects while leaving the Bitcoin blockchain.
The founder told Decrypt in January 2025 the vision was for the platform to allow meme coins to be traded “at the speed of light.”
What is a liquidity manipulation attack?
A liquidity attack is when a bad actor moves large amounts of cryptocurrency or cash in a way that reduces the ease of trading on a platform. These types of attacks can cause price swings or force liquidations by leveraged traders.
In the recent case of Odin.fun, hackers used the platform’s automated market maker to artificially inflate the price of the meme coin SATOSHI•NAKAMOTO ($SATOSHI) and withdraw the liquidity in Bitcoin, according to one Chinese on-chain sleuth.
Liquidity manipulation-based attacks have continued to crop up over the years. In 2022, DeFi platform Mango Markets lost around $116 million to a similar exploit. Ari Redbord, global head of policy at blockchain security analyst TRM Labs, told Decrypt the recent incident was down to “a flaw introduced during an automated market maker (AMM) update.”
He recommends that platforms protect themselves from these types of attacks by using external price oracles, as well as “setting deposit and slippage limits, monitoring transactions in real time and fully auditing code before deployment.”
Redbord told Decrypt that liquidity manipulation incidents have grown in recent years with the rise of DeFi, as criminals “often target new or lightly audited protocols tied to high-volatility trading, exploiting hype and speed to act before detection.”
Redbord said meme coin platforms can be especially vulnerable to these types of exploits as many operate with “shallow liquidity, concentrated token ownership, rushed launches and skipped audits” which can make price manipulation easier and allow the liquidity pool to be “drained in minutes.”
s0xToolman, a psuedo-anonymous analyst at DeFi auditing tool Bubblemaps, remarked on the simplicity of the exploit which was used, saying “anyone having some knowledge on DEX pools would know this.” He told Decrypt “there's no excuse for the team to not know this could happen.”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。