About 60 BTC stolen from Odin.fun! The founder admits that he “doesn’t have enough funds to compensate” for pointing out Chinese hackers
Odin.fun suffered another security breach and about 60 Bitcoins were stolen. Co-founder Bob said the current project is underfunded to provide full compensation.
(Preliminary information: Your computer is helping hackers mine Bitcoins! 3,500 websites have been implanted with "mining scripts", and invisible hijacking makes users unaware)
(Background supplement: GMX hackers chose to "be white hats" to return US$40.5 million! After accepting 4.5 million bounties, $GMX rebounded by 16%)
Rune trading platform Odin.fun A major hacking attack was reported last night. About 58.2 to 60 Bitcoins were withdrawn without authorization, with a market value of about US$7 million. The platform token $ODINDOG plummeted 40% that day. Bob, the founder of the platform, issued a statement saying that the company's assets are currently insufficient to compensate for the hacked amount, but the funds stored by users on the platform are currently not in danger.
This is the second time Odin.fun has been attacked this year. The "Sign-In With Bitcoin" vulnerability hacked in April is still fresh in the memory of users, and the serial blood loss makes users very scared.
Apologies for the delay in responding to today’s event. We know it’s been over 8 hours since the exploit and our silence has likely been frustrating for many of you. We wanted to speak sooner but needed time to verify the facts and take immediate action to protect user funds.…
— Bob Bodily, PhD 👋 | #BTC #ETH #ICP 🧙🏽♂️ (@BobBodily) August 13, 2025
Points to Chinese hackers
April's SIWB container vulnerability allows attackers to impersonate accounts. Yesterday, Odin.fun It was suspected that the weaknesses of the AMM smart contract were breached, including liquidity pool manipulation, flash loans, or logic flaws, and BTC was stolen.
Founder Bob Bodily admitted on the X platform that the platform "has major loopholes and the funds are insufficient to fully compensate" and pointed to "criminal gangs in China." He added:
Several groups that profit from this vulnerability have been identified and will be pursued and prosecuted in China, saying that they have a large amount of evidence, including the activities of these criminal gangs' wallets.
The police have been notified
After news of the attack came out, users withdrew large amounts of assets in a short period of time, and platform deposits dropped from 291 BTC to about 233 BTC, indicating that panic was spreading. Odin.fun has temporarily suspended trading and withdrawals. For DeFi users who lack a centralized insurance pool, the message that the project party is “unable to pay in full” is almost equivalent to real losses, and the impact of trust rupture is no longer limited to a single platform.
Currently, Odin.fun has notified U.S. law enforcement agencies, is cooperating with OKX and Binance to trace the flow of funds, and is also trying to connect with Chinese law enforcement agencies. The incident has also forced more DeFi teams to re-examine security audits, third-party insurance and DAO emergency response processes.
