Odin.fun users panic as suspicious withdrawals drain deposits

Odin.fun, a Bitcoin-based memecoin launchpad, has suspended trading and withdrawals after deposits on the platform plunged by nearly 20% in less than two hours, sparking fears of a serious security breach.

An alarm was raised by an X user, @web3xiaoba, who said the platform’s Bitcoin deposits fell from 291 BTC to 232.8 BTC, a loss of roughly 58.2 BTC. The account also identified two addresses allegedly involved in the transactions and claimed the exploit was carried out by manipulating liquidity pools to extract BTC without leaving paired assets behind.

Bob Bodily, Odin.fun’s founder, confirmed on X that the platform had paused all trading “to ensure we can protect user funds” while investigating the withdrawals.

Hi everyone – we're looking deeper into the recent withdrawals from the platform, so we've paused trading to ensure we can protect user funds.

We'll keep you all posted on the investigation.

More soon!

— Bob Bodily, PhD 👋 | #BTC #ETH #ICP 🧙🏽‍♂️ (@BobBodily) August 12, 2025

BTC drain triggers market rout

The latest developments have triggered recalls of the incident that occurred in April 2025, when Cryptopolitan reported that Bob Bodily’s Odin.fun’s account was compromised, leading to the unauthorized clearance of assets.

Odin paused trading and withdrawals to confirm if more accounts were affected and also to fix the issues.

The incident sent a ripple effect in the market as ODINDOG, the platform’s token, saw a slump of about 40%. It also affected other tokens hosted on the platform.

When this breach occurred, it split the community along the lines of sympathy and suspicion.

Some users accepted Bodily’s account of an external compromise, describing the situation as a “nightmare.” Others questioned why withdrawals for all users had been suspended if, as Bodily initially claimed, only his account was targeted.

This latest occurrence has also torn the community apart, with some still laying the blame at the founder’s feet.

Possible flaw in Odin.fun’s authentication system

The actors behind this breach haven’t made themselves known. However, after the previous breach, members of the Internet Computer (ICP) developer community have pointed to a critical flaw in the “Sign-In With Bitcoin” (SIWB) canister.

According to a DFINITY forum post, the SIWB canister did not properly verify that a public key matched the associated Bitcoin address, enabling attackers to impersonate users by replaying signed messages.

The vulnerability was patched after the Odin incident, with DFINITY urging all teams using custom SIWB deployments to apply the fix before re-enabling sensitive actions like withdrawals.

It looks to be seen if this advice was taken by the Odin.fun team.

Can Odin.fun rebuild trust?

For Odin.fun, the road to recovery will hinge on more than just restoring service. In the memecoin sector, a volatile corner of the crypto market often fuelled by speculative mania, reputation and user confidence are among the most valuable assets.

Platforms like Odin, modelled after Solana’s Pump.fun and Tron’s SunPump, rely heavily on community participation, rapid token launches and fluid liquidity provision.

Security failures in this environment can be devastating. A similar breach earlier this year at Four.Meme, another meme-token launchpad, wiped out millions in user funds and caused lasting damage to its brand.

Odin’s management has not provided a timeline for resuming withdrawals or trading.In the meantime, its user base is left in limbo, some hoping the incident was contained to a handful of accounts, others bracing for major losses.

Your crypto news deserves attention - KEY Difference Wire puts you on 250 top sites