Odin.fun CEO blames breach on faulty AMM

Bob Bodily, the founder and CEO of Bitcoin-based memecoin launching and trading platform, Odin.fun, claims that its latest high-profile breach happened due to a faulty liquidity automated market maker (AMM) introduced in its latest update. Bodily claims that the flaw was exploited by groups operating primarily out of China to drain tens of Bitcoins from the platform. The hack, which was first reported by a member of the Odin.fun community, resulted in the theft of approximately 58.2 BTC, worth about $7 million at current prices, in less than two hours. In a post on X , Bodily confirmed that the company’s treasury is not large enough to fully cover the losses, which further intensified the community concerns about the platform’s future. “The remaining funds in the platform are safe,” Bodily wrote in the same post, adding that they have engaged the services of a top-tier security firm to conduct a full code audit. Odin.fun blames vulnerability on latest update According to Bodily, the breach came from a vulnerability in Odin.fun’s liquidity AMM, the mechanism that enables decentralized token swaps on the platform. The flaw, introduced in the latest update, allowed attackers to manipulate trades and withdraw BTC without equivalent paired assets. Apologies for the delay in responding to today’s event. We know it’s been over 8 hours since the exploit and our silence has likely been frustrating for many of you. We wanted to speak sooner but needed time to verify the facts and take immediate action to protect user funds.… — Bob Bodily, PhD 👋 | #BTC #ETH #ICP 🧙🏽‍♂️ (@BobBodily) August 13, 2025 Bodily said several groups linked to China took advantage of the bug, and quickly moved a considerable amount of BTC before the vulnerability was discovered and withdrawals were paused. The company has reportedly contacted OKX and Binance, both of which have reportedly engaged authorities in China to track the stolen funds. Attackers warned about law enforcement involvement Odin.fun has also contacted U.S. law enforcement and claimed to have identified several of the groups involved. Bodily issued a direct warning to those holding stolen BTC: “You have a short window to return the funds before it is too late. This is not a negotiation,” he wrote. “Most of you have already been identified, and we will dedicate as much time and resources as required to recover what was stolen.” This is not the first time Odin.fun has faced a security breach. In April, the platform paused withdrawals after disclosing a vulnerability in its “Sign-In With Bitcoin” feature that allowed attackers to impersonate users. While that exploit was patched quickly, the latest incident is far larger in scale and has left the platform’s user base shaken. The company is now relying on blockchain forensics, cooperation from major exchanges, and cross-border legal action to recover stolen assets. Plans for compensation and rebuilding trust While Odin.fun has not yet finalized its compensation plan, Bodily stated that they are working on a “concrete plan to compensate everyone affected.” He also promised that the platform will work to “make everyone whole” despite the treasury shortfall. He hinted at creative recovery strategies, though no details have been released. “If you like ODIN•FUN, we think you will appreciate what we’re working on,” he said, stressing that the company intends to stay in business and continue expanding. Despite the breach, Bodily has praised Odin.fun’s rapid growth in the Bitcoin DeFi space, claiming it has been “growing faster than any other Bitcoin DeFi platform” and remains the top player in the niche. If you’re reading this, you’re already ahead. Stay there with our newsletter .

Source: Cryptopolitan