Odin.Fun Hack
Incident Overview
On August 12, 2025, Odin.fun, a Bitcoin-based memecoin launchpad and trading platform, was exploited for 58.2 BTC worth approximately $7 million. The attack involved a liquidity manipulation scheme targeting the platform's automated market-making tool, with hackers primarily linked to Chinese entities according to the co-founder's statement.
The exploit targeted a vulnerability in Odin.fun's automated liquidity market-making tool that was introduced in their latest update. The attackers executed a liquidity manipulation attack by adding tokens like SATOSHI to artificially inflate prices, then withdrawing their liquidity to receive Bitcoin returns. The platform's Bitcoin deposits dropped from 291 BTC to 232.8 BTC in under two hours as multiple threat actors took advantage of the vulnerability.
The co-founder Bob Bodily confirmed that various malicious users, primarily linked to groups in China, exploited the flaw to steal significant amounts of BTC from the platform. The company's treasury is insufficient to cover the full losses, but the team has engaged a top-tier security auditing team for a comprehensive code audit that may take up to a week. Odin.fun has contacted U.S.
law enforcement and is cooperating with major exchanges OKX and Binance, who have engaged Chinese authorities regarding the incident.
Attacker Addresses:
jeypm-z6t4p-uqshx-dtay4-qgw5d-ca7j5-alviu-fch2d-nmsnc-c4k3k-aae
urguz-m32zo-jlld6-pyy4l-z3c24-jv4pt-5fmll-gq2xd-6siiz-oxkao-xae
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Odin.Fun, these are the critical security checks that could have prevented this incident (August 2025).
- Verify all logic paths related to Liquidity Manipulation Exploit / Oracle Issue are guarded by proper access controls and input validation - see the Oracle Manipulation & Price Manipulation attack class for patterns
- Audit oracle price feeds for manipulation risks - ensure time-weighted average prices (TWAPs) or multi-source aggregators are used, not spot prices
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
Learn to Prevent the Next Odin.Fun
The Odin.Fun hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.