The Bitcoin-based platform Odin.fun has suspended trading and withdrawals after a substantial 20% drop in deposits. This has raised concerns about potential security breaches.
Problem Notification
An X user, @web3xiaoba, reported that deposits on Odin.fun fell from 291 BTC to 232.8 BTC, resulting in a loss of approximately 58.2 BTC. The account also identified two addresses allegedly involved in the transactions and claimed that the exploit was executed by manipulating liquidity to extract BTC without leaving paired assets.
Market Reaction to the Incident
Odin.fun's founder, Bob Bodily, confirmed that the platform had paused all trading to 'ensure we can protect user funds' during the investigation. This incident recalled a similar event in April when Bodily’s account was compromised, leading to unauthorized asset clearance. The ODINDOG token saw a slump of about 40%, affecting other tokens on the platform.
Are There Vulnerabilities in the Authentication System?
Following the previous breach, members of the Internet Computer (ICP) developer community pointed to a potential flaw in the 'Sign-In With Bitcoin' (SIWB) canister. According to a DFINITY forum post, the SIWB canister did not properly verify that a public key matched the associated Bitcoin address, allowing attackers to impersonate users. The vulnerability was patched after the incident, but it remains unclear if the Odin.fun team has implemented the necessary protections.
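The binding check described above, sketched as an added example; it is not code from this article or from the SIWB canister. It assumes a native SegWit (P2WPKH) address, which the article does not specify, and the function names are hypothetical. A sign-in flow would run this check in addition to verifying the signature itself.

```python
import hashlib

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def _polymod(values):
    """Bech32 checksum polynomial (BIP-173)."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def p2wpkh_address(pubkey: bytes, hrp: str = "bc") -> str:
    """Derive the SegWit v0 address for a compressed public key."""
    # HASH160 = RIPEMD160(SHA256(pubkey)); needs an OpenSSL build with ripemd160.
    h160 = hashlib.new("ripemd160", hashlib.sha256(pubkey).digest()).digest()
    n = int.from_bytes(h160, "big")
    # Witness version 0, then the 160-bit hash as 32 five-bit groups.
    data = [0] + [(n >> (5 * i)) & 31 for i in reversed(range(32))]
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    pm = _polymod(hrp_exp + data + [0] * 6) ^ 1
    checksum = [(pm >> (5 * (5 - i))) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)

def pubkey_matches_address(pubkey_hex: str, claimed_address: str) -> bool:
    """Reject a login whose public key does not hash to the claimed address."""
    try:
        pubkey = bytes.fromhex(pubkey_hex)
    except ValueError:
        return False
    if len(pubkey) != 33 or pubkey[0] not in (2, 3):
        return False  # P2WPKH only commits to compressed keys
    return p2wpkh_address(pubkey) == claimed_address.lower()

# Constructed sample input: the BIP-173 example key and address stand in for
# the account owner; OTHER_KEY is an unrelated valid key (a different signer).
OWNER_ADDR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
OWNER_KEY = "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
OTHER_KEY = "02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"

if __name__ == "__main__":
    print("owner key accepted:", pubkey_matches_address(OWNER_KEY, OWNER_ADDR))
    print("other key accepted:", pubkey_matches_address(OTHER_KEY, OWNER_ADDR))
```

Without this step, a valid signature from any key would be accepted for any claimed address, which is the impersonation risk the forum post describes.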
Odin.fun's pathway to recovery likely hinges not just on resuming services but also on substantial efforts to rebuild its reputation. Such incidents in the memecoin sector can have serious repercussions for platform integrity.