Odin.fun Experiences Security Breach, Approximately 60 Bitcoins Stolen
Co-founder Bob states that the current project lacks sufficient funds for full compensation.
Incident Overview
The rune trading platform Odin.fun reported a significant hacking attack last night, with approximately 58.2 to 60 Bitcoins withdrawn without authorization, valued at around $7 million. The platform token $ODINDOG plummeted by 40% on the same day. Founder Bob stated that the company currently lacks sufficient assets to compensate for the stolen amount, but the funds stored by users on the platform are currently safe. This is the second attack on Odin.fun this year. The “Sign-In With Bitcoin” vulnerability from April is still fresh in users’ memories, and the repeated losses have caused considerable fear among them.
Apologies for the delay in responding to today’s event. We know it’s been over 8 hours since the exploit and our silence has likely been frustrating for many of you. We wanted to speak sooner but needed time to verify the facts and take immediate action to protect user funds.…
— Bob Bodily, PhD | #BTC #ETH #ICP (@BobBodily) August 13, 2025
Attribution to Chinese Hackers
The SIWB container vulnerability from April allowed attackers to carry out account operations while impersonating users. Yesterday’s attack is suspected to have exploited a weakness in the AMM smart contracts on Odin.fun, with possible causes including liquidity pool manipulation, flash loans, or logic flaws, leading to the theft of BTC. Founder Bob Bodily admitted on the X platform that the platform “has significant vulnerabilities and lacks the funds for full compensation,” pointing to “criminal gangs within China.” He added:
We have identified several groups that profited from the exploit and will pursue them in China and file lawsuits. We have substantial evidence, including the activity of these criminal gangs’ wallets.
Current Developments
Following the news of the attack, users quickly withdrew large amounts of assets, with the platform’s deposits dropping from 291 BTC to approximately 233 BTC, indicating a spreading sense of panic. Odin.fun has urgently suspended trading and withdrawals. For DeFi users lacking a centralized insurance pool, the message that the project “cannot fully compensate” is almost equivalent to a real loss, and the breach of trust extends beyond a single platform. Currently, Odin.fun has reported the incident to U.S. law enforcement and is collaborating with OKX and Binance to trace the flow of funds while attempting to connect with Chinese law enforcement agencies. The incident has also compelled more DeFi teams to reassess security audits, third-party insurance, and DAO emergency response processes.