Earlier today, on August 13th, Hackers drained 58.2 Bitcoin, worth about $7 million, from memecoin launchpad Odin.fun in a fast, targeted exploit that played out in under two hours.
The attack, reported this week, hit the platform’s automated liquidity market maker and emptied a large chunk of its BTC reserves.
Odin.fun co-founder Bob Bodily said multiple malicious actors, many tied to groups in China, took advantage of a critical flaw introduced in the site’s recent update.
The thieves used a pump and drain trick that let them swap a worthless token for real BTC at a rigged price.
Attack and impact
Blockchain records show Odin.fun’s bitcoin holdings fell from 291 BTC to 232.8 BTC in less than two hours during the incident. That 58.2 BTC loss equals about $7 million at current rates.
Bodily posted on X that the team discovered “a major exploit in our liquidity AMM, which was introduced in our latest update.” He added that several malicious users took advantage of the weakness to steal a significant amount of BTC.
How the exploit worked?
Attackers used the launchpad’s liquidity pool against itself, and they deposited a token with no real value, similar to one called SATOSHI, alongside BTC. By skewing the supply in a thin market, they pushed the token’s price to an artificial level.
The attackers then used self trades or very large deposits to make the pool math show the fake token as worth a lot of BTC. Once the pool priced the fake token high, they withdrew liquidity and collected real bitcoin at the falsified rate.
The automatic market maker relied only on internal balance ratios. That made the pool vulnerable when trades and deposits were manipulated.
Also Read: Crypto Hackers Exploit Telegram Accounts to Spread Malware Through Fake Video Call Links
Immediate response
A community member first flagged odd liquidity moves, and Odin.fun froze suspicious accounts soon after. Bodily said the platform’s remaining funds are safe. Still, he admitted the treasury is not big enough to cover the full loss.
The team is drawing up what Bodily called a “concrete plan” to compensate users. He said the group is working with a security firm on a full audit that is expected to take up to a week. The platform has promised to share details of its compensation plan once they are final.
Odin.fun has reached out to U.S. law enforcement, and the team is also working with Binance and OKX. Those exchanges have engaged local Chinese authorities to help trace and possibly freeze the stolen funds.
Previous Hacks
In April 2025, UnoCrypto reported, Bodily said his personal X account was hacked, and he posted that a hacker gained access amid the launch of a new decentralised trading product. That message led some users to worry the whole platform had been taken over.
Hours later, Bodily moved to calm fears. In an official statement, he wrote, “Odin.fun has not been hacked. BTC deposits in Odin.fun are fully backed by 1:1 reserves.” The team says the platform’s smart contracts are intact, and the remaining funds are secure.
Why this matters?
Automated market makers can work well when pools are deep and tokens have real demand. They break down when liquidity is shallow and there are no external price checks.
The exploit shows how a single code change can expose large sums when a pool is not stress tested. For small launchpads and new tokens, shallow liquidity can be an invitation to fraud.
Also Read: Cointelegraph Front-End Hacked, Warns Users After Fake Airdrop Scam