Key Takeaways
- $7 million worth of BTC was drained from ODIN.FUN.
- Hackers exploited a vulnerability in the decentralized exchange’s automated market maker (AMM).
- The platform has suspended trading and withdrawals.
Blockchain analysts have observed that 58.2 BTC, worth around $7 million, has been drained from the Bitcoin Runes exchange, ODIN.FUN.
The attackers, who are apparently linked to groups in China, exploited a vulnerability in the automated market maker to artificially inflate the price of $SATOSHI and withdraw liquidity in BTC.
What Is ODIN.FUN?
ODIN.Fun is a Runes trading platform launched in February 2025 and designed to emulate the memecoin launchpad model popularized by Solana’s Pump.Fun.
The project introduces decentralized finance (DeFi) mechanics to the Runes ecosystem by deploying smart contracts on Valhalla, a Bitcoin Layer 2 built on ICP.
While Valhalla represents a major advance in the realm of BTCFi, the experimental nature of the platform has made it vulnerable to bugs and exploits.
A String of Setbacks
In March, 74 BTC “disappeared” due to “a bug in our deposit sync code,” developer Bob Bodily said at the time. The platform was later able to fix the error and restore the correct balances, he claimed.
A month later, Bodily reported that his ODIN.FUN account had been compromised and that the platform had suspended trading and withdrawals pending an investigation.
Bodily later blamed the exploit on a third-party smart contract vulnerability. He said fewer than 10 users were affected and promised to compensate victims.
58.2 BTC Drained
According to PeckShield, the latest hack targeted a vulnerability in ODIN.FUN’s automated market maker (AMM) liquidity module which was introduced in a recent platform update.
Attackers deposited SATOSHI tokens into a liquidity pool and then artificially inflated the price of SATOSHI tokens within the pool by executing a series of coordinated trades or deposits that skewed the pool’s pricing algorithm.
In a statement, Bodily blamed the attack on “malicious users, primarily linked to groups in China.”
“We are still assessing the exact amount of BTC lost, but as of right now, our company treasury isn’t big enough to cover the losses,” he added.
While larger liquidity pools are generally more protected from such attack vectors, and many AMMs have introduced price range limits, ODIN.FUN, built on a pump.fun-style bonding curve, is more susceptible to manipulation.
Recommended Secure Partners
James Morales is CCN’s blockchain and crypto policy reporter. He has been working in the news media since 2020, writing about topics such as payments, banking and financial technology. These days, he likes to explore the latest blockchain innovations and the evolving landscape of global crypto regulation.
With an educational background in social anthropology and media studies, James uses his platform as a journalist to explore how new technologies work, why they matter and how they might shape our future.
