Bunni DEX Shuts Down After $8.4 Million Hack
Bunni DEX, a decentralized exchange known for liquidity services, announced it will cease operations. The decision follows a major exploit in September that drained over $8.4 million from user funds.
Details of the Exploit
The hack targeted Bunni’s Ethereum and Unichain smart contracts. Attackers exploited a flaw in the Liquidity Distribution Function (LDF). This flaw allowed withdrawals exceeding entitled amounts through flash loan manipulation and rounding errors.
The team froze contract operations after the attack, which mainly affected USDC and USDT tokens. They offered a 10% bounty to recover stolen funds, but the attacker did not respond.
Previous audits by Trail of Bits and Cyfrin identified the flaw as a “logic-level” issue, not an implementation error. Since the hack, Bunni’s total value locked dropped from over $60 million to nearly zero. Trading and development have stopped completely.
The team stated that restarting the platform would require six to seven figures in audit and monitoring costs, which they cannot afford. They wrote on Twitter, “The recent exploit has forced Bunni’s growth to a halt, and in order to securely relaunch we’d need to pay 6-7 figures in audit & monitoring expenses alone – requiring capital that we simply don’t have.”
Users can still withdraw assets through the Bunni website until further notice. The team plans to distribute remaining treasury assets to BUNNI, LIT, and veBUNNI holders after completing a legal process. Team members will not receive any distribution.
Bunni’s Open Source Legacy and Legal Efforts
Bunni changed the license of its v2 smart contracts from BUSL to MIT. This allows other developers to freely use Bunni’s innovations, including LDFs, surge fees, and automatic rebalancing.
The team is cooperating with law enforcement to recover the stolen funds. The shutdown highlights ongoing security challenges in blockchain. According to Hacken’s 2025 report, over $3.1 billion has been lost to hacks and exploits this year.
