Bitcoin-based meme coin launchpad Odin.fun has lost approximately 58.2 BTC, worth roughly $7 million, through a liquidity exploit, according to blockchain security firm PeckShield.
The attack occurred through what’s often called a “liquidity manipulation” attack. They’re triggered when a bad actor moves large amounts of crypto or cash in a way that impairs trading on the platform. Odin.fun has currently paused its operations.
Bob Bodily, the project’s co-founder and CEO, confirmed in a post on X that the company’s treasury isn’t big enough to cover the losses, but said that the remaining funds stored in the platform are safe.
The company says it has already engaged an unnamed third-party security team to perform a full audit of its code, which could take “up to a week.” Once complete, Odin.fun will reportedly resume operations.
The true identity of the perpetrators is not known, but the founder points to several malicious users, “primarily linked to groups in China,” adding that its partners OKX and Binance are already communicating with Chinese authorities regarding the incident.
Odin.fun launched in January 2025 to allow users to trade Bitcoin Runes, a type of fungible Bitcoin-based token broadly comparable to BRC-20 tokens. Created by Casey Rodarmor in April 2024, also the creator of Bitcoin Ordinals, Bitcoin Runes allow people to create meme coin projects while leaving the Bitcoin blockchain.
The founder told Decrypt in January 2025 the vision was for the platform to allow meme coins to be traded “at the speed of light.”
A liquidity attack is when a bad actor moves large amounts of cryptocurrency or cash in a way that reduces the ease of trading on a platform. These types of attacks can cause price swings or force liquidations by leveraged traders.
In the recent case of Odin.fun, hackers used the platform’s automated market maker to artificially inflate the price of the meme coin SATOSHI•NAKAMOTO ($SATOSHI) and withdraw the liquidity in Bitcoin, according to one Chinese on-chain sleuth.
Liquidity manipulation-based attacks have continued to crop up over the years. In 2022, DeFi platform Mango Markets lost around $116 million to a similar exploit. Ari Redbord, global head of policy at blockchain security analyst TRM Labs, told Decrypt the recent incident was down to “a flaw introduced during an automated market maker (AMM) update.”