Bunni DEX Shuts Down After $8.4M USDC and USDT Exploit Drains Liquidity

  • Exploit Details: The hack targeted smart contracts, allowing unauthorized asset withdrawals exceeding entitled amounts.

  • Shutdown Announcement: Bunni’s team cited high audit and monitoring expenses of six to seven figures as unaffordable for relaunch.

  • Impact Statistics: Total value locked dropped from $60 million to near zero; 2025 blockchain hacks have caused $3.1 billion in losses per Hacken’s report.

What Caused the Bunni DEX Hack and Shutdown?

The Bunni DEX hack occurred in September 2025 when attackers exploited a vulnerability in the platform’s Liquidity Distribution Function, enabling them to withdraw more USDC and USDT than authorized through flash loan attacks and rounding errors in smart contracts on Ethereum and Unichain. This led to a loss of over $8.4 million, prompting Bunni to freeze operations and ultimately announce a full shutdown due to prohibitive relaunch costs. The incident highlights ongoing challenges in DeFi smart contract security despite prior audits.

How Did Attackers Exploit Bunni’s Smart Contracts?

The vulnerability stemmed from a logic-level flaw in the Liquidity Distribution Function, which failed to properly account for rounding errors during high-volume transactions facilitated by flash loans. Attackers initiated these loans to manipulate liquidity pools, extracting excess funds before the contracts could rebalance. Previous audits by Trail of Bits and Cyfrin identified implementation strengths but missed this subtle logic issue, as confirmed in Bunni’s post-exploit analysis. The team offered a 10% bounty for fund recovery, but the attacker did not respond. This exploit aligns with broader 2025 trends, where DeFi protocols lost $3.1 billion to similar attacks, according to Hacken’s annual security report. Experts like those from PeckShield emphasize that such logic flaws require rigorous mathematical modeling beyond standard code reviews to prevent recurrence.
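A small integer-arithmetic model of the failure class described above, added here as an illustration; it is not Bunni's Liquidity Distribution Function or any code from the project. The pool, function names and sample numbers are assumptions: it shows how a payout that rounds in the withdrawer's favour breaks the invariant that remaining holders never lose value per share, and how an exhaustive check over short withdrawal sequences catches it.

```python
# Added illustration: generic share-accounting model, NOT Bunni's contracts.
# All names and numbers below are constructed for this example.
from itertools import product


def payout(shares_burned, total_assets, total_shares, round_up):
    """Assets paid for burning shares, using integer math as on-chain code does."""
    quotient, remainder = divmod(shares_burned * total_assets, total_shares)
    # round_up=True models the flaw: the remainder is rounded in the user's favour.
    return quotient + 1 if (round_up and remainder) else quotient


def run_withdrawals(chunks, total_assets, total_shares, round_up):
    """Burn each chunk in turn; return (paid_out, assets_left, shares_left)."""
    paid = 0
    for chunk in chunks:
        amount = payout(chunk, total_assets, total_shares, round_up)
        paid += amount
        total_assets -= amount
        total_shares -= chunk
    return paid, total_assets, total_shares


def invariant_holds(chunks, total_assets, total_shares, round_up):
    """Value per remaining share must never drop below its starting value."""
    _, assets_left, shares_left = run_withdrawals(
        chunks, total_assets, total_shares, round_up)
    # assets_left/shares_left >= total_assets/total_shares, cross-multiplied
    # so the check itself introduces no rounding.
    return assets_left * total_shares >= total_assets * shares_left


def find_violation(total_assets, total_shares, max_chunk, steps, round_up):
    """Exhaustively test short withdrawal sequences; return the first that breaks."""
    for chunks in product(range(1, max_chunk + 1), repeat=steps):
        if sum(chunks) >= total_shares:
            continue  # leave at least one share for the other holders
        if not invariant_holds(chunks, total_assets, total_shares, round_up):
            return chunks
    return None


if __name__ == "__main__":
    pool = dict(total_assets=1000, total_shares=300, max_chunk=3, steps=2)
    print("user-favouring rounding:", find_violation(round_up=True, **pool))
    print("pool-favouring rounding:", find_violation(round_up=False, **pool))
```

In this model two one-share withdrawals pay out 8 units against an entitlement of under 7, while rounding toward the pool leaves the invariant intact for every sequence tested.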

The attackers exploited a flaw in Bunni’s smart contract to steal the funds

Bunni DEX, a decentralized exchange known for providing users with liquidity, has announced today that it is shutting down operations following a major exploit in September that drained over $8.4 million from user funds.

Frequently Asked Questions

What steps can Bunni users take after the DEX shutdown?

Users can still withdraw their remaining assets directly through the Bunni website until operations fully cease. The team plans to distribute treasury assets to BUNNI, LIT, and veBUNNI token holders following a legal review, excluding team members. This process ensures fair allocation without further platform access requirements.

Will Bunni’s technology continue in the DeFi space post-shutdown?

Yes, Bunni has open-sourced its v2 smart contracts under the MIT license, allowing developers to freely adopt features like Liquidity Distribution Functions, surge fees, and automatic rebalancing. This move preserves the project’s innovations while the team collaborates with law enforcement to pursue stolen funds recovery.

The team said that the exploit had brought Bunni’s growth to a halt and that relaunching safely would cost six to seven figures in audits and monitoring, which they cannot afford.

“Hello everyone, it is with saddened hearts that we announce the shutdown of Bunni,” the team wrote. They explained that months of work and business effort would also be needed to restore the platform, but these resources are currently unavailable.

Hello everyone, it is with saddened hearts that we announce the shutdown of Bunni.
The recent exploit has forced Bunni’s growth to a halt, and in order to securely relaunch we’d need to pay 6-7 figures in audit & monitoring expenses alone – requiring capital that we simply don’t…

— Bunni (@bunni_xyz) October 23, 2025

The exploit drained mostly USDC and USDT before the team froze contract operations. A 10% bounty was offered to recover the funds, but the attacker never responded. Audits by Trail of Bits and Cyfrin had taken place earlier, but the flaw was classified as a “logic-level” issue rather than an implementation error.

Since the hack, Bunni’s total value locked has fallen from over $60 million to nearly zero. Trading and development activity stopped completely, leaving the platform inactive.

However, users can still withdraw assets through the Bunni website until further notice. The team also plans to give the remaining treasury assets to BUNNI, LIT, and veBUNNI holders after a legal process is completed. Team members are excluded from this distribution.

Bunni’s Legacy and Open Access

Bunni also changed the license of its v2 smart contracts from BUSL to MIT. This means other developers can now use Bunni’s ideas, like LDFs, surge fees, and automatic rebalancing, for free. The team said they are still working with law enforcement to try to get the stolen funds back.

The shutdown adds to a difficult year for blockchain security, which has seen over $3.1 billion lost to hacks and exploits in 2025, according to Hacken’s report.

Key Takeaways

  • Security Flaws Persist: Even audited DeFi protocols like Bunni remain vulnerable to logic errors in complex functions such as liquidity distribution.
  • Financial Impact: The $8.4 million loss and $60 million TVL decline underscore the high stakes for emerging DEX platforms in 2025.
  • Path Forward: Open-sourcing under MIT license enables community-driven improvements; users should monitor withdrawal deadlines and token distributions closely.

Conclusion

The Bunni DEX hack exemplifies the precarious balance between innovation and security in decentralized finance, where a single smart contract flaw can lead to operational collapse amid $3.1 billion in yearly industry losses. As Bunni transitions to legacy mode with open-source contributions, it serves as a cautionary tale for DeFi developers to prioritize advanced auditing techniques. Looking ahead, enhanced regulatory scrutiny and collaborative security standards may mitigate such risks, encouraging safer liquidity provision in the evolving crypto landscape.
