Hackers drained 58.2 bitcoin (BTC), worth about $7 million, from memecoin launchpad Odin.fun in a sophisticated liquidity manipulation exploit that is being linked to China-based hacking groups.
The attack targeted the Bitcoin-based memecoin launchpad’s automated liquidity market-making system, which co-founder Bob Bodily later described as having a critical vulnerability.
Blockchain data shows the platform’s bitcoin reserves plummeted from 291 BTC to 232.8 BTC in under two hours amid the attack.
“Today we discovered a large exploit in our liquidity AMM which was introduced in our latest update,” Bodily said in an X post following the attack. “Several malicious users, chiefly linked to groups in China, took advantage of this vulnerability to steal a significant amount of BTC from the platform.”
Attackers exploited Odin’s liquidity pool by depositing a worthless token like SATOSHI alongside BTC, setting an inflated price ratio in the thin market. By manipulating the pool’s math — often through self-trading or over-weighted deposits — they made the token look far more valuable in BTC terms.
They then withdrew liquidity, receiving large amounts of real BTC at the fake price, draining 58.2 BTC from the pool.
This pump-and-drain worked because automated market makers rely purely on internal supply ratios, not external price checks, making them vulnerable when pools are shallow or poorly secured.
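The dependence on internal ratios can be seen in a simplified model. The following is an added example, not Odin.fun's code: it assumes a fee-less constant-product pool (x * y = k), uses constructed reserve figures, and introduces a hypothetical `within_reference` guard that compares the pool's spot price with an independent reference such as a time-weighted average or external feed.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Simplified constant-product pool (x * y = k, no fees). Assumed model."""
    btc: float    # BTC reserve
    token: float  # token reserve

    def spot_price(self) -> float:
        # BTC per token, computed only from the pool's own reserves.
        return self.btc / self.token

    def buy_token(self, btc_in: float) -> float:
        # Swap BTC for tokens while holding k constant; returns tokens paid out.
        k = self.btc * self.token
        new_btc = self.btc + btc_in
        new_token = k / new_btc
        out = self.token - new_token
        self.btc, self.token = new_btc, new_token
        return out


def price_move(btc_reserve: float, token_reserve: float, btc_in: float) -> float:
    """Factor by which the spot price rises after a single buy of btc_in."""
    pool = Pool(btc_reserve, token_reserve)
    before = pool.spot_price()
    pool.buy_token(btc_in)
    return pool.spot_price() / before


def within_reference(pool: Pool, reference_price: float, max_ratio: float = 1.5) -> bool:
    """Guard (hypothetical): is spot price within max_ratio of an independent reference?"""
    ratio = pool.spot_price() / reference_price
    return 1 / max_ratio <= ratio <= max_ratio


if __name__ == "__main__":
    # Constructed reserves: the same 0.1 BTC buy against a shallow and a deep pool.
    print("shallow:", price_move(0.1, 1_000_000, 0.1))        # about 4x
    print("deep:   ", price_move(100.0, 1_000_000_000, 0.1))  # about 1.002x
    shallow = Pool(0.1, 1_000_000)
    reference = shallow.spot_price()  # stand-in for a TWAP or external feed
    shallow.buy_token(0.1)
    print("guard passes:", within_reference(shallow, reference))  # False
```

In this model the price factor is ((B + d) / B)^2 for a buy of d BTC against a reserve of B BTC, so the same trade that barely registers in a deep pool quadruples the quoted price in a shallow one, and only a comparison against something outside the pool flags it.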
Bodily said the incident involved multiple threat actors, many tied to Chinese groups, working in coordination to exploit the flaw. The breach was first flagged by a community member who noticed the unusual liquidity movements, prompting an immediate freeze on suspicious accounts.
While the platform’s remaining funds are “safe,” Bodily admitted Odin’s treasury isn’t large enough to fully absorb the losses, forcing the team to prepare what he called a “concrete plan” to compensate affected users.
“We have ideas… we’ll share details as soon as they are finalized,” he said on X, adding that the plan is being shaped alongside a full audit from a security firm in a process expected to take up to a week.
The Odin.fun team has contacted U.S. law enforcement and is coordinating with Binance and OKX, both of which have engaged Chinese authorities to track and potentially freeze the stolen funds.