Last updated on October 31st, 2025 at 03:39 pm
Quick Breakdown
- $8.4M drained: Hackers exploited Bunni’s liquidity function to steal funds in early September.
- Operations halted: The team confirmed it cannot afford a safe relaunch and is shutting down.
- Users to be compensated: Remaining assets will be distributed to BUNNI, LIT, and veBUNNI holders.
Bunni pulls the plug after devastating hack
In a major blow to the decentralized finance (DeFi) sector, decentralized exchange Bunni has officially shut down after suffering an $8.4 million exploit that crippled its operations. The announcement, made on October 23 via X, confirmed the project’s permanent closure, with the team admitting it could not afford a safe relaunch following the incident.
Hello everyone, it is with saddened hearts that we announce the shutdown of Bunni.
The recent exploit has forced Bunni’s growth to a halt, and in order to securely relaunch we’d need to pay 6-7 figures in audit & monitoring expenses alone – requiring capital that we simply don’t…
— Bunni (@bunni_xyz) October 23, 2025
Bunni, built on Uniswap V4 hooks, had earned a reputation for its innovative liquidity management mechanisms before the attack brought everything to a halt.
Exploit drains millions and halts growth
The attack occurred in early September and targeted Bunni’s core Ethereum and Unichain smart contracts. Exploiters manipulated a flaw in the platform’s Liquidity Distribution Function (LDF) — a system designed to maximize returns for liquidity providers.
Through flash loan manipulation and rounding errors, attackers siphoned off roughly $8.4 million, mainly in USDC and USDT, before the team froze operations. Despite offering a 10% bounty for the return of funds, the hacker remained unresponsive.
Audits by Trail of Bits and Cyfrin failed to catch the issue beforehand, as the vulnerability was later identified as a “logic-level flaw”, not an implementation bug.
Team plans compensation, open-sources code
In its shutdown notice, Bunni explained that restarting safely would have required six- to seven-figure funding for audits and monitoring — an expense it could not bear.
Affected users will still be able to withdraw their funds via the official Bunni website until further notice. Additionally, remaining treasury assets will be distributed among BUNNI, LIT, and veBUNNI holders based on a final snapshot, with team members excluded from the payout.
As a final gesture to the community, the team relicensed its v2 smart contracts from BUSL to MIT, allowing other developers to freely build upon its innovations such as LDFs, surge fees, and autonomous rebalancing.
Meanwhile, SwissBorg, a prominent crypto investment platform, recently faced a significant security breach when its Bitcoin app was exploited in a Solana network hack causing an estimated loss of $41 million.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
