ODIN.FUN

DESCRIPTION OF EVENTS

Odin.fun is a decentralized platform built on the Runes protocol, designed for creating and trading Bitcoin-based meme coins. It features fast transaction finality and utilizes a bonding curve pricing model for token launches. Created by the founder of the Bitcoin Ordinals marketplace Bioniq, Odin.fun seeks to boost the Bitcoin ecosystem by enabling meme coin speculation.

Unfortunately, the Odin.Fun platform was vulnerable to a price manipulation attack. The platform had a fundamental design flaw in the platform’s architecture, which lacked price oracle validation for tokens, relied too heavily on internal pool ratios to determine asset value, and had no safeguards in place to prevent self-trade manipulation.

The exploit on Odin.fun began when attackers manipulated the platform’s liquidity system by depositing a mix of BTC and worthless tokens like SATOSHI and ODINPEPE into the smart contract. Through tactics such as overweighted deposits and self-trading, they exploited logical flaws in the automated market maker (AMM), artificially inflating the value of these low-worth tokens relative to BTC.

By boosting the perceived value of their deposits, the attackers were able to extract significantly more BTC than they had legitimately provided. In total, they withdrew around 58.2 BTC—valued at approximately $7 million. The attack was coordinated across multiple accounts, some of which were newly created solely to carry out this exploit.

Attacker Addresses: -jeypm-z6t4p-uqshx-dtay4-qgw5d-ca7j5-alviu-fch2d-nmsnc-c4k3k-aae -urguz-m32zo-jlld6-pyy4l-z3c24-jv4pt-5fmll-gq2xd-6siiz-oxkao-xae

Losses were reported by SlowMist as $7m USD. Quill Audits reported that 52.8 BTC were taken.

Bob Bodily responded 8 hours later, apologizing for the delayed response, explaining that the team needed time to verify details and secure user funds. He confirmed that a vulnerability introduced in the latest liquidity AMM update was exploited by several malicious actors—mostly linked to groups in China—resulting in the theft of a significant amount of BTC. While the exact losses were still being assessed, he assured users that remaining funds were safe. A leading security firm had been hired to perform a full audit, and U.S. and Chinese law enforcement agencies, along with exchanges like OKX and Binance, were already involved in the investigation. Bob issued a firm warning to the attackers to return the stolen BTC or face prosecution, noting that many had already been identified. He promised a compensation plan for affected users and reaffirmed Odin.fun’s commitment to recovery and growth, emphasizing that the incident would not derail the platform’s mission to lead the future of Bitcoin DeFi.

After identifying the incident, the platform froze operations until security audits could be completed. The attack was blamed on sophisticated attackers from China despite the fact that the attacker exploited a basic price manipulation vulnerability.

Bob Bodily would provide updates over time as funds were frozen across several centralized exchanges, authorities involved in pursuing the attackers and retrieving assets, audit fixes were completed, and the finalized report was published. The team worked with partners to ensure all user funds are fully backed 1:1 and clean up the platform by removing illegitimate trades while preserving valid ones.

The platform has reportedly returned to 1:1 backing, with many funds being successfully retrieved from centralized exchanges.

Odin.fun, a decentralized Bitcoin-based meme coin platform built on the Runes protocol, suffered a major exploit due to a critical design flaw in its automated market maker (AMM). Lacking price oracle validation, relying solely on internal pool ratios, and offering no protection against self-trading, the system was vulnerable to manipulation. Attackers exploited this weakness by depositing worthless tokens like SATOSHI and ODINPEPE alongside BTC, inflating their value through self-trades and withdrawing roughly 58.2 BTC (around $7 million). The platform halted operations and launched an investigation involving law enforcement and security firms, with some funds frozen on centralized exchanges. CEO Bob Bodily pledged full audits, user compensation, and system reforms to restore trust.

BobBodily - "Today we discovered a major exploit in our liquidity AMM which was introduced in our latest update. Several malicious users, primarily linked to groups in China, took advantage of this vulnerability to steal a significant amount of BTC from the platform." - Twitter/X (Oct 23)
Explained: The Odin.Fun Hack (August 2025) - Halborn (Oct 23)
How Odin.fun Lost 58.2 BTC in a Liquidity Manipulation Exploit - Quill Audits (Oct 23)
Attackers Drain $7M Bitcoin From Odin.fun in Liquidity Exploit - CoinDesk (Oct 23)
PeckShieldAlert - "#PeckShieldAlert An @Odin_GodOfRunes community member reported that 58.2 $BTC (worth ~$7M) were drained from the platform. - Hackers added liquidity (e.g., via $SATOSHI) - Artificially inflated the token price - Removed liquidity to receive BTC returns" - Twitter/X (Oct 23)
Bob Bodily - "I held off on posting for as long as I could. I REALLY wanted to reopen trading today. Sadly it is going to take at least another day. Audit is done (publishing publicly taking longer than I would have liked but coming soon). User funds are safe and secure." - Twitter/X (Oct 23)
BobBodily - "In order to ensure that ODINFUN is rock solid and secure, we worked with multiple independent groups to review our smart contract code. The external reviews focused on bonding curve and AMM math functionality, code quality, code readability, tests, and language or chain specific issues. After receiving initial reports from our external reviewers, we addressed all of the critical, high, and medium priority issues. Then we either addressed low priority issues or provided justification for why we didn't immediately address them." - Twitter/X (Oct 23)
Bob Bodily - "Had an absolutely fantastic day. Tons of updates. 1. Funds are rolling in. We're up to 280/290 BTC in the protocol right now. 10 BTC left. And I already have cash ready to go here. Just need to convert it to BTC and deposit it into the protocol." - Twitter/X (Oct 23)
Bob Bodily - "1. Funds have been frozen in various CEXs/tokens and we're working with authorities to pursue individuals and get funds returned. 2. We're really close to finishing audit fixes, at which point we'll revert back to the auditor and we'll get the audit published publicly (prior to resuming trading). 3. We're working with a few partners to ensure user funds are backed 1:1 in the platform prior to reopening trading. We're hoping this is finalized in the next few days." - Twitter/X (Oct 23)
BobBodily - "Saturday today but the work doesn't stop. A lot more of the same, so I'll just do a quick update. Working through audit still. A few critical things to do now. A few clean up things that can be done later. Getting close. Made great progress on funds today (as many of you already saw). 30+ BTC back into Odin. More funds in progress too. Good progress on the legal front. I have multiple conversations and streams of work going with FBI and other law enforcement." - Twitter/X (Oct 23)
Odin Fun Homepage (Oct 23)
Odin Fun - Messari (Oct 23)
Bob Bodily Twitter/X Account (Oct 23)
Odin Fun Liquidity Page (Oct 23)

More case studies

WXC Token Smart Contract Token
Burn Mechanism Triggered

YULI AI Token Contract Pool
Spot Price Manipulation Exploit