Bunni DEX Shuts Down After $8.4M Loss in September Exploit

TLDR

• Bunni DEX has officially shut down after losing $8.4 million in a major exploit.
• The attack targeted Bunni’s Ethereum and Unichain smart contracts, exploiting a flaw in the Liquidity Distribution Function.
• Despite offering a 10% bounty for the return of stolen funds, the attacker did not respond.
• Bunni’s total value locked dropped from over $60 million to nearly zero after the exploit.
• The project could not afford the high costs required for a secure relaunch and decided to close.

Bunni DEX has officially shut down after losing over $8.4 million in a September exploit. The decentralized exchange (DEX) was known for its innovative liquidity, but it was hit by a severe attack that drained funds. The project announced its closure on October 23 through its official X account.

Hack Leaves Project Unable to Recover

The attack occurred in early September and targeted Bunni’s Ethereum and Unichain smart contracts. Hackers exploited a vulnerability in Bunni’s Liquidity Distribution Function (LDF). The flaw allowed attackers to withdraw more assets than they were entitled to. The exploit used flash loan manipulation and rounding errors to extract the funds.

The total loss amounted to around $8.4 million, mainly in USDC and USDT. After the attack, Bunni froze its contract operations to prevent further damage. The project offered a 10% bounty to the attacker to return the funds, but there was no response.

Bunni’s total value locked (TVL) collapsed from over $60 million to nearly zero. Following the attack, trading and development activities came to a standstill. The project’s growth was halted, and the team confirmed that a secure relaunch was impossible.

Bunni DEX Unable to Afford Safe Relaunch

In a statement, the Bunni team explained that the costs to relaunch securely were too high. The team stated that it would need “six to seven figures” for audit and monitoring costs. Additionally, months of redevelopment would have been necessary to recover.

The financial burden to resume operations was beyond what Bunni could afford. As a result, the team decided to shut down the platform. Despite earlier audits by Trail of Bits and Cyfrin, the bug was classified as a “logic-level flaw” rather than an implementation error.

Users can still withdraw their funds from the Bunni DEX website. However, the platform will distribute remaining treasury assets based on a snapshot of BUNNI, LIT, and veBUNNI holders. This distribution will occur once the legal process concludes. Team members will not receive any share of the remaining funds.

Bunni DEX Relicenses Smart Contracts and Moves Forward with Law Enforcement

In its final move, Bunni relicensed its v2 smart contracts from the BUSL license to the MIT license. This will allow other developers to freely access the technologies, including LDFs, surge fees, and autonomous rebalancing. The project team also confirmed its collaboration with law enforcement to recover the stolen funds.

Despite the shutdown, Bunni’s technology will remain available to the broader decentralized finance (DeFi) community. However, the exploit and the subsequent closure have added to a troubling year for blockchain security. As of 2025, over $3.1 billion has been lost in hacks and exploits across the industry.

The post Bunni DEX Shuts Down After $8.4M Loss in September Exploit appeared first on CoinCentral.