Scroll Top


 An 8.4 million exploit permanently closes down Bunni DEX, which estimates the audit costs to be 6-7 figures, and does not have funds to recover.

Bunni, a decentralized exchange, announced that it is closing down due to being exposed to an exploit of up to 8.4 million last month. 

Source – X

The attack on the core smart contracts on Ethereum and Unichain caused Bunni to empty the liquidity pools that hold stablecoins USDT and USDC. 

The attack used the Liquidity Density Function (LDF) of Bunni, whose custom is used across pools, and the stolen assets have been bridged into Ethereum and laundered.​

The Bunni team estimated that the cost of a safe re-launch of the protocol would be between six to seven figures just on audits and monitoring. 

Further, the development and business work would take months to recover the platform. 

The decision to close was arrived at due to a lack of capital to meet these expenses. Users can still redeem their tokens through the Bunni site at present.​

Post-Hack Fallout: Legal Steps and Open-Source Contributions

The project intends to pay over the remaining treasury assets to BUNNI, LIT, and veBUNNI token holders according to a pre-shutdown snapshot.

The members of the team, however, are not in the distribution, which will follow after continual legal approvals.​

Bunni relicensed its v2 smart contracts under the restrictive Business Source License (BUSL) to an open-source MIT license in a bid to keep its technological innovations. 

The larger DeFi community can now adopt the functionality Bunni was the first to introduce, such as LDFs, surge fees, and autonomous rebalancing, with this move.​

The team is also working closely with law enforcement in order to reclaim stolen money. To tempt the return of the assets, Bunni made an offer of 10 percent of the stolen funds to the hacker, who has still not responded.​

Breakdown of the Exploit and Industry Implications

The exploit exploited flash loans, quick withdrawals, and sandwich attacks to inflate pool prices and empty assets. 

Flash loans enable one to borrow large amounts of money without collateral. This was visible in the attack and indicated the dangers of relying on custom liquidity logic without thorough testing.​

The crypto market of 2025 has an increasing security crisis, whereby more than 2 billion has been stolen this year. 

The closure of Bunni is one of a series of recent shutdowns, highlighting some of the vulnerabilities in the DeFi projects and the expensive nature of secure development.​



Source link

bitcoin

Bitcoin (BTC)

$ 110,634.00
ethereum

Ethereum (ETH)

$ 3,872.07
tether

Tether (USDT)

$ 1.00
bnb

BNB (BNB)

$ 1,137.26
xrp

XRP (XRP)

$ 2.40
solana

Solana (SOL)

$ 192.75
usd-coin

USDC (USDC)

$ 0.999833
staked-ether

Lido Staked Ether (STETH)

$ 3,867.26
tron

TRON (TRX)

$ 0.313278
dogecoin

Dogecoin (DOGE)

$ 0.195419
cardano

Cardano (ADA)

$ 0.645058
chainlink

Chainlink (LINK)

$ 17.45
stellar

Stellar (XLM)

$ 0.311542
sui

Sui (SUI)

$ 2.43
avalanche-2

Avalanche (AVAX)

$ 19.23
shiba-inu

Shiba Inu (SHIB)

$ 0.000010
the-open-network

Toncoin (TON)

$ 2.13
polkadot

Polkadot (DOT)

$ 3.00
gems-vip

Gems VIP (GEMS)

$ 0.196917

Add Comment