Odin.Fun Hack

TOTAL LOST $7.0M
Medium Liquidity Manipulation Exploit / Oracle Issue icp

Summarize with AI

Affected Chain icp Incident surface
Recovered - No recovery reported
All-Time Rank #369 By amount stolen
Protocol Type Exploit/Oracle Issue Target category

Incident Overview

On August 12, 2025, Odin.fun, a Bitcoin-based memecoin launchpad and trading platform, was exploited for 58.2 BTC worth approximately $7 million. The attack involved a liquidity manipulation scheme targeting the platform's automated market-making tool, with hackers primarily linked to Chinese entities according to the co-founder's statement.

The exploit targeted a vulnerability in Odin.fun's automated liquidity market-making tool that was introduced in their latest update. The attackers executed a liquidity manipulation attack by adding tokens like SATOSHI to artificially inflate prices, then withdrawing their liquidity to receive Bitcoin returns. The platform's Bitcoin deposits dropped from 291 BTC to 232.8 BTC in under two hours as multiple threat actors took advantage of the vulnerability.

The co-founder Bob Bodily confirmed that various malicious users, primarily linked to groups in China, exploited the flaw to steal significant amounts of BTC from the platform. The company's treasury is insufficient to cover the full losses, but the team has engaged a top-tier security auditing team for a comprehensive code audit that may take up to a week. Odin.fun has contacted U.S.

law enforcement and is cooperating with major exchanges OKX and Binance, who have engaged Chinese authorities regarding the incident.

Attacker Addresses:

jeypm-z6t4p-uqshx-dtay4-qgw5d-ca7j5-alviu-fch2d-nmsnc-c4k3k-aae

urguz-m32zo-jlld6-pyy4l-z3c24-jv4pt-5fmll-gq2xd-6siiz-oxkao-xae

Incident Report

Protocol / Project Odin.Fun
Date of Incident
Affected Chain(s) icp
Attack Technique Liquidity Manipulation Exploit / Oracle Issue
Classification Protocol Logic / Exchange (DEX)
Primary Source View Post-Mortem

Protocol Information

Protocol Type Exploit/Oracle Issue
Smart Contract Language Motoko
Official Website odin.fun/
Protocol Twitter/X @Odin_GodOfRunes
Team Anonymous
Source Code Unverified

What the Attacker Needed to Succeed

Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.

Technical Knowledge Deep understanding of liquidity manipulation exploit / oracle issue and Solidity and EVM internals
Capital Required Seed capital to cover gas and initial position setup
On-Chain Access Ability to interact with icp smart contracts and deploy a custom exploit contract
Protocol Analysis Identification of the exploitable vulnerability in Odin.Fun's contract logic - root cause: protocol logic / exchange (dex)
Execution Speed Precise transaction ordering and timing to exploit the vulnerability within a single atomic block
Obfuscation Plan A strategy to launder and move stolen funds - typically through mixers, cross-chain bridges, or decentralized DEX swaps to resist tracing

What Auditors Should Check

Could this have been caught in audit? Yes — skilled auditors routinely flag Liquidity Manipulation Exploit / Oracle Issue vulnerabilities in code review

If you're auditing a protocol with similar architecture to Odin.Fun, these are the critical security checks that could have prevented this incident (August 2025).

  • Verify all logic paths related to Liquidity Manipulation Exploit / Oracle Issue are guarded by proper access controls and input validation - see the Oracle Manipulation & Price Manipulation attack class for patterns
  • Audit oracle price feeds for manipulation risks - ensure time-weighted average prices (TWAPs) or multi-source aggregators are used, not spot prices
  • Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs

Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.

Free Trial

Related Attack Classes

The technique used in this hack maps to these vulnerability classes in our security curriculum:

See all Oracle Manipulation & Price Manipulation examples →

Sources & References

Learn to Prevent the Next Odin.Fun

The Odin.Fun hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.

Recreate exploit patterns safely Free Trial