Chill Bitcoin Cafe #24
The Spaces focused on the recent Odin Fund exploit, its implications for BTCFi security, and the momentum of the Bitcoin–ICP (Internet Computer) Runes ecosystem ahead of Runes Asia in Hong Kong. Host Kim (Omnity) set the agenda: unpack Odin’s incident, share risk lessons, highlight innovations, and preview upcoming events. Nakib framed the exploit in industry context: both custodial and non‑custodial platforms suffer hacks; the root cause is often smart contract logic rather than key loss. Kyle (DFINITY) clarified the bug lived at the app/AMM level, not ICP, and stressed DFINITY’s security-first posture and cryptography depth. Vincent (RE/ReSwap) described a security path: audits, open source, PSBT-based non-custodial flows, and chain-fusion smart contracts that directly control L1 keys, enabling 5‑second execution with L1 Bitcoin settlement. The panel aligned on a precise BTCFi definition: settlement must complete on Bitcoin L1. Liquidity fragmentation remains a core challenge; Omnity’s hub/bridge and RE’s shared-liquidity design aim to mitigate it. New ideas included “software mining” (e.g., Satoshi’s Initiative on-chain BTC lottery), Bitcoin-native prediction markets (BadBTC), and launchpad models (Block Miner). Odin’s treasury loss is estimated at ~50–60 BTC; operations are paused, quick audits and legal actions are underway, with community support and potential external funding to cover affected users. The group remains bullish on Odin and BTCFi growth, with extensive collaboration expected at Runes Asia on Aug 27.
Session Overview
A community Space focused on Bitcoin DeFi ("BTCFi"), the recent Odin launchpad exploit, security practices, ICP-based infrastructure, and upcoming ecosystem events in Hong Kong (Runes Asia, Bitcoin Asia, Bitcoin Summit). The tone was pragmatic and constructive: acknowledge the exploit, share lessons, and keep building.
Participants referenced by name:
- Kim (host, Omnity)
- Vincent (builder of ReSwap and the RE execution layer within Omnity)
- Nakib (builder/operator working across BTCFi, involved with Broker Protocol and cross-layer integrations)
- Kyle (DFINITY/ICP; security and infra perspective; AI tooling)
- Bob (lead of Odin, the runes launchpad)
Market Context and Mood
- Bitcoin recently hit all-time highs and then retraced. Speakers remain broadly optimistic and bullish despite short-term swings.
- Builder momentum is strong; multiple new projects and integrations across BTCFi are coming online.
Odin (Runes Launchpad) Incident
What happened
- A significant exploit drained Odin’s treasury; current best estimate discussed is roughly 50–60 BTC lost. Earlier minor incidents may have occurred (one cited ~8–9 BTC), but this was the largest.
- Root cause: a bug introduced in a new LP feature at the app/AMM logic level. It is not an ICP protocol bug (per Kyle and Bob’s public statement).
Immediate response and status
- Operations paused swiftly.
- Audit actions: Odin engaged a small group of auditors for a fast-track review; more comprehensive audits planned.
- Legal actions: pursuing legal recourse; some exploiters/users who took advantage reportedly agreed to return funds.
- Compensation: Bob is lining up external financial support; goal is to make affected users whole or offer meaningful concessions.
- Community communications: frequent updates from Bob; aim to resume before Hong Kong events if feasible.
Community reaction
- Two camps emerged: heavy FUD (accusations of repeated mistakes) versus patient supporters who want Odin to recover and continue building.
- Many community leaders and LPs tied to Odin-aligned communities remain supportive and plan to meet Bob at Runes Asia to discuss next steps.
Security perspective and lessons (Nakib’s lens)
- Both custodial and non-custodial systems get exploited; security failures are not unique to custodial designs. Historical DeFi exploits (e.g., Kyber, PancakeSwap) often stem from smart contract logic vulnerabilities.
- Audits are necessary but not sufficient; even “best” audit shops have missed critical issues. Updates and feature releases can reintroduce risk.
- Personal risk posture: if currently exposed, de-risk first; re-enter cautiously after fixes, audits, and clear post-mortems are available.
ICP stack vs. app-layer bug (Kyle’s lens)
- The exploit originated in Odin’s AMM app logic, not in ICP’s core.
- DFINITY emphasizes security (large cryptography team, “put the crypto in cryptography”). FUD often follows success; platforms with users and TVL attract attackers.
- Industry context: even TradIT sees massive annual losses from hacks. Innovation involves risk; the recovery path and improved hardening are key.
Omnity, RE (Runes Exchange Environment), and ReSwap
Positioning and design goals (Vincent, Kim)
- Omnity’s focus: aggregate liquidity for BTCFi and provide a high-throughput execution layer (RE) while ensuring final settlement on Bitcoin L1 (non-custodial, trust-minimized). Most products are open-sourced.
- Liquidity is a primary challenge for BTCFi (especially Runes); Omnity targets shared pools and infra that can serve multiple apps.
ReSwap architecture and UX
- Non-custodial, PSBT-based trading: users sign PSBTs from their Bitcoin wallets. No bridging or intermediaries.
- Chain Fusion (ICP): RE smart contracts can control Bitcoin L1 keys to validate inputs/outputs and co-sign PSBTs if AMM logic is satisfied.
- Performance: 5-second confirmations on RE for trade execution; final settlement on Bitcoin L1 (1 block post-trade) keeps it verifiable and secure.
- Multi-intent transactions: RE can bundle intents (e.g., Runes→BTC then BTC→stablecoin) into one user-signed PSBT for a single on-chain settlement flow.
- Runes-to-stable swap: a single pool model that lets all listed Runes trade against a stablecoin via BTC routing, improving capital efficiency.
- Security lifecycle: ReSwap learned from an early pre-audit incident; it has now completed full audits and open-sourced its code to enable wider peer review and faster issue discovery.
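The co-signing gate described in the list above (validate inputs and outputs, sign only if the AMM logic is satisfied), sketched as an added example; it is not ReSwap's or Omnity's code. It assumes a constant-product (x*y=k) rule, which the session did not specify, and uses a simplified transaction model in place of real PSBT parsing; all names, addresses and amounts are constructed.

```python
from dataclasses import dataclass

POOL = "pool-address-constructed"      # placeholder, not a real address

@dataclass(frozen=True)
class Coin:                            # one input or output of the proposal
    ref: str                           # outpoint for inputs, label for outputs
    owner: str
    sats: int
    runes: int = 0

def cosign_decision(state, inputs, outputs, max_fee=10_000):
    """Return (ok, reason). The pool key signs only when ok is True."""
    # 1. The only pool-owned input must be the UTXO the contract tracks.
    if [c for c in inputs if c.owner == POOL] != [state]:
        return False, "pool input does not match tracked state"
    if len({c.ref for c in inputs}) != len(inputs):
        return False, "duplicate input"
    # 2. Exactly one output returns the reserves to the pool.
    back = [c for c in outputs if c.owner == POOL]
    if len(back) != 1 or back[0].sats <= 0 or back[0].runes <= 0:
        return False, "bad pool output"
    # 3. Conservation: runes balance (simplified) and the miner fee is bounded.
    if sum(c.runes for c in inputs) != sum(c.runes for c in outputs):
        return False, "runes not conserved"
    fee = sum(c.sats for c in inputs) - sum(c.sats for c in outputs)
    if not 0 <= fee <= max_fee:
        return False, "fee out of bounds"
    # 4. AMM rule (assumed x*y=k): the product of reserves must not shrink.
    if back[0].sats * back[0].runes < state.sats * state.runes:
        return False, "invariant violated"
    return True, "ok"

# Constructed sample: pool holds 1 BTC and 1,000,000 rune units.
STATE = Coin("aa:0", POOL, 100_000_000, 1_000_000)
PAY = Coin("bb:1", "user", 1_002_000)              # user pays in sats
FAIR = [Coin("pool", POOL, 101_000_000, 990_100), Coin("user", "user", 546, 9_900)]
GREEDY = [Coin("pool", POOL, 101_000_000, 990_000), Coin("user", "user", 546, 10_000)]

if __name__ == "__main__":
    print(cosign_decision(STATE, [STATE, PAY], FAIR))
    print(cosign_decision(STATE, [STATE, PAY], GREEDY))
```

The checks run before the AMM rule on purpose: a proposal that references a stale pool UTXO or leaks value through the fee is rejected regardless of whether its pricing looks correct.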
Complementarity with Odin
- Not competitive; different trade-offs and user needs:
  - Odin: “Solana-speed” user experience and launchpad dynamics.
  - ReSwap/RE: security-first, L1 Bitcoin settlement flows, PSBT-native UX.
- Communities asked for L1 LP options that never leave user wallets; ReSwap is building to that need and expects to serve Odin’s communities too.
BTCFi Landscape and Definitions
What counts as BTCFi (Nakib)
- Core criterion: final settlement on Bitcoin Layer 1.
- Wrapped BTC (e.g., WBTC) or bridged representations settling elsewhere are useful but not “BTCFi” under a strict definition.
- There’s a spectrum of approaches:
  - Native L1-settling protocols (Runes, PSBT-based AMMs, etc.).
  - Integrations with other ecosystems (e.g., Stacks sBTC, NEAR nBTC) to extend utility while keeping Bitcoin central.
Emerging integrations and niches
- Broker Protocol: focusing on cross-layer connectivity and niche flows that drive real usage; partnership with Mezzo to bridge back-and-forth with increasing transactional volume.
- Omnity Bridge: rapidly becoming one of the larger bridges in crypto for Bitcoin connectivity; supports broader Runes ecosystem growth.
New Trends: “Software Mining” and On-chain Experiments
- Software mining: an application-layer means to “earn” BTC via on-chain mechanisms, analogous in spirit to mining but without hardware outlay.
- Satoshi’s Initiative: cited as the first on-chain Bitcoin lottery/raffle mechanism, fully transparent and block-scheduled. Small tickets (e.g., $5–10) with many winners; potential for viral adoption. Builders are currently anonymous; there is interest in connecting them with Asian communities.
- Other experiments:
  - BetBTC: a Bitcoin-settled prediction market (Polymarket-like mechanics).
  - Block Miner: uses mining metaphors/mechanics as a launchpad.
  - Meme-coin “mining” via PoW-style issuance on Bitcoin; low cost entry to “mine”/launch tokens on-chain.
ICP/DFINITY: Security, Infra, and AI Tooling
- Security-first culture: DFINITY employs a large team of cryptographers; emphasizes security rigor and cryptographic correctness.
- Infra growth since last year: Runes infra was nascent 12 months ago; now there’s a healthy stack (apps like Odin and Block Miner, infra like Omnity’s RE and bridge, and more projects building on ICP for Bitcoin use cases).
- AI “Caffeine”: rapid app prototyping tool. Live during the Space, Kyle was composing a Runes-aware game whose availability toggles based on ReSwap purchase activity in the last hour—illustrating “vibe coding” and real-time data-driven UX.
Events: Runes Asia (Hong Kong) and Ecosystem Gatherings
- Runes Asia: August 27 in Hong Kong. Objectives:
  - Convene top builders, communities, and stakeholders in the Runes/BTCFi space.
  - Constructive dialogue on security hardening, liquidity coordination, and user experience.
- Bob (Odin) confirmed attendance; will address questions and share the recovery plan.
- Broader events: Bitcoin Asia and Bitcoin Summit around the same period to amplify ecosystem collaboration.
- Expected outcomes: faster iteration via in-person coordination, stronger partnerships (e.g., between Odin, Omnity, DFINITY, and community projects), and clearer roadmaps.
Key Takeaways and Recommendations
On Odin’s exploit:
- Cause: app-level AMM bug linked to a new LP feature; not an ICP core issue.
- Response: pause, audits, legal action, community outreach, and external funding to compensate affected users.
- Recommendation: users should await the audit report, remediation details, and compensation plan before re-allocating; projects should formalize secure release processes (staged rollouts, kill-switches, canary deployments).
On security posture for BTCFi:
- Treat audits as necessary but not sufficient. Adopt defense-in-depth: open-source for community review, formal verification where feasible, rigorous testing, and continuous monitoring.
- Be cautious with feature velocity; most catastrophic losses arise from logic flaws introduced during updates.
On BTCFi infra and design:
- Favor designs that preserve Bitcoin L1 settlement with PSBT-native UX; complement high-speed app layers with verifiable L1 finality.
- Aggregate liquidity and enable multi-intent transactions to reduce friction and improve capital efficiency.
On growth vectors:
- “Software mining,” on-chain lotteries, and prediction markets can onboard users with simple, fun mechanics while remaining fully on-chain and transparent.
- AI-assisted building (e.g., Caffeine) accelerates prototyping and can inject live on-chain signals into consumer experiences.
Action Items and Next Steps
Odin/Bob:
- Publish a full post-mortem with root cause, scope, and fixes.
- Share audit outcomes and timelines for staged reopen.
- Clarify compensation/restitution process and legal pursuit status.
Omnity/RE/ReSwap (Vincent, Kim):
- Continue open-sourcing and security hardening.
- Prepare L1 LP options for Odin-aligned communities seeking wallet-native liquidity.
- Expand Runes-to-stable routing and multi-intent UX.
DFINITY/ICP (Kyle):
- Maintain security leadership and clarify ICP’s role in Bitcoin chain-fusion patterns.
- Demo AI-built Runes apps at Runes Asia; document patterns for builders.
Ecosystem builders (Nakib and partners):
- Pursue cross-layer bridges and niche flows that drive real usage.
- Explore software mining primitives (e.g., Satoshi’s Initiative) and connect with Asian communities.
Community:
- Meet at Runes Asia to align on security practices, liquidity coordination, and complementary roadmaps.
- Keep discourse balanced: distinguish app-level faults from base-layer tech.
Closing Sentiment
Despite the setback at Odin, speakers remain bullish on BTCFi and Runes. The path forward: transparent post-mortems, rigorous audits, thoughtful rollout processes, and collaborative infra. With Omnity’s RE, ICP’s chain-fusion security, and inventive apps (from launchpads to software mining and AI-built experiences), the next six months are expected to bring faster iteration, stronger resilience, and broader user adoption—anchored by Bitcoin L1 settlement.