Bunni DEX Shut Down Operations After Failure To Recover From $8.4 Million Exploit

Uniswap v4-based decentralized exchange Bunni has announced that it is officially closing down, citing financial constraints following a recent exploit that resulted in $8.4 million worth of crypto assets being stolen. 

Bunni has joined layer-1 blockchain Kadena (KDA) as the second crypto project to fold this week amid a wave of setbacks across the decentralized finance (DeFi) sector.

Bunni Teams says the DEX will wind up Operations as it lacks the Capital for a Complete Recovery

In a Wednesday X post, the Bunni team notified that they do not have enough resources to fund a secure relaunch. The exploit, which occurred in September 2025, completely halted the DEX’s growth, and the team will have to pay 6-7 figures in audits and monitoring expenses alone to restart operations, which is capital they do not have.

The team noted that it would take months of business development efforts to recover from the setback and thus decided that the best option economically was to shut down the platform.

Bunni suffered a massive hack on September 2, which drained $8.4 million in assets from its Ethereum ($2.4 million) and Unichain ($6 million) liquidity pools. A post-mortem report revealed that attackers had exploited a rounding error in the platform’s Ethereum smart contract withdrawal function.

The report stated that the hack affected two pools – the weETH/ETH pair on Unichain and the USDC/USDT pair on Ethereum. The root issue was with the rounding direction within the protocol’s codebase that updated idle balances during withdrawals.

Behind The Bunni DEX Flash Loan Exploit

Apparently, the attacker capitalized on this fatal flaw and launched a flash loan attack to steal funds by manipulating pool prices and liquidity. 

They first borrowed $3 million in USDT on Ethereum via a flash loan and conducted a series of swaps to manipulate the price. This reduced the available USDC to just 28 wei – the smallest denomination of Ether, valued at 0.000000000000000028 ETH, worthless in U.S. dollar terms.

The hacker then exploited the platform’s rounding errors through 44 small withdrawals, further draining the USDC balance and disproportionately dropping the USDC/USDT pool’s total liquidity. For their final trick, they executed a large swap to inflate the token’s price and then performed a reverse swap at the manipulated price.

Bunni paused all operations, including deposits, swaps, and withdrawals, immediately after being notified of the hack. It resumed just withdrawals across all networks a day later, after a fork test conducted by blockchain security firm Cydrin flagged the exchange as safe.

Roughly half of the assets stolen from Unchain were swapped to ETH before bridging to the Ethereum mainnet in a series of 100 transfers via Across Protocol. The Bunni team traced the stolen funds to two wallets but could not identify the attacker as the tokens were funneled through the crypto mixer Tornado Cash.

At the time, Bunni said it was working on developing its testing framework to restore operations. However, the financial scale of its losses became too large to recover from, resulting in the decision to shut down.

Users Can Withdraw Funds from the Official Website, while BUNNI, LIT, and veBUNNI Holders will receive Treasury Funds

With the exchange ceasing operations, Bunni has announced that its users will be allowed to withdraw their assets from the official website until further notice. The team plans to distribute its remaining treasury assets to those who hold BUNNI, LIT, and veBUNNI tokens after conducting a snapshot of eligible wallets, pending legal validation. They confirmed that core team members will be excluded from the distribution event.

Bunni, a DEX built on Uniswap v4, aimed to optimize returns for liquidity providers through a unique system known as the Liquidity Distribution Function. Prior to the hack, the exchange had seen explosive growth, with total value locked (TVL) on the platform jumping from $2.23 million in June 2025 to nearly $80 million by mid-August, according to DefiLlama data.

Bunni to Open-Source its Technologies for DeFi Adoption

Despite shutting down, Bunni has decided to open-source its V2 smart contracts by moving them from a Business Source License (BSL) to the less restrictive MIT license, allowing developers to adopt its innovative technologies, including liquidity distribution, surge fees, and autonomous rebalancing, into other DeFi projects without any legal red tape.

This decision drew praise from the broader crypto community for preserving the exchange’s technical contributions to the industry.

The Bunni team said they are cooperating with law enforcement to recover the stolen funds. They have offered the attacker 10% of the loot as a bounty for returning the remainder, while also working with centralized exchanges to freeze accounts linked to the hacker’s wallet.

Also Read: Kadena Shut Down: Investors Recount Massive Losses as $KDA Organization Ceases Operations Citing “Market Conditions”

The post Bunni DEX Shut Down Operations After Failure To Recover From $8.4 Million Exploit appeared first on BiteMyCoin.