tl;dr
Bitcoin meme coin launchpad Odin.fun lost about 58.2 BTC (around $7 million) due to a liquidity manipulation exploit detected by blockchain security firm PeckShield. The attack involved artificially inflating the price of the SATOSHI•NAKAMOTO coin using the platform's automated market maker and then...
Bitcoin-based meme coin launchpad Odin.fun suffered a significant loss of approximately 58.2 BTC, valued around $7 million, due to a liquidity exploit identified by blockchain security firm PeckShield. This exploit was a classic example of a “liquidity manipulation” attack, where a bad actor moves large amounts of cryptocurrency or cash to disrupt trading on the platform.
Odin.fun has paused its operations following the attack. Bob Bodily, the project’s co-founder and CEO, confirmed that the company’s treasury cannot cover the loss but assured that the remaining funds on the platform remain safe. The team has engaged a third-party security firm to conduct a thorough audit of the platform’s code, estimated to take up to a week, after which they plan to resume operations.
The attack's perpetrators remain unidentified, though the founder linked the malicious activity primarily to groups in China. Partners including OKX and Binance are reportedly collaborating with Chinese authorities in response to the incident.
Launched in January 2025, Odin.fun enabled trading of Bitcoin Runes—a fungible Bitcoin-based token similar to BRC-20 tokens, created by Casey Rodarmor in April 2024. Bitcoin Runes allow users to launch meme coin projects outside of the Bitcoin blockchain, with the platform aiming to facilitate ultra-fast meme coin trades.
In explaining liquidity manipulation attacks, these occur when perpetrators strategically move substantial sums to hinder trading ease on a platform, provoking price swings or liquidations of leveraged traders. On Odin.fun, the attackers used the platform’s automated market maker (AMM) to inflate the price of the SATOSHI•NAKAMOTO ($SATOSHI) coin artificially and then withdrew liquidity in Bitcoin.
Liquidity manipulation is not new; similar attacks have repeatedly targeted DeFi platforms. For instance, Mango Markets lost about $116 million in a comparable exploit in 2022. Ari Redbord of TRM Labs attributed the Odin.fun incident to a flaw introduced during an AMM update and recommended that platforms defend against such attacks by employing external price oracles, setting strict deposit and slippage limits, real-time transaction monitoring, and comprehensive code audits.
Redbord noted that the rise of DeFi has led to increased liquidity manipulation attacks, especially targeting new or lightly audited protocols involved in high-volatility trading. Meme coin platforms are particularly vulnerable due to shallow liquidity, concentrated token ownership, rushed launches, and insufficient audits, all factors that facilitate rapid price manipulation and liquidity drain.
A pseudonymous DeFi analyst, s0xToolman from Bubblemaps, highlighted the straightforwardness of the exploit, emphasizing that anyone familiar with decentralized exchange pools would recognize this vulnerability. He criticized the Odin.fun team for not anticipating such an attack, implying avoidable oversight contributed to the loss.