Bunni Vulnerability May Have Enabled $2.4M Stablecoin Drain, Including $1.33M in USDC

  • Exploit type: LDF rebalancing manipulation on Uniswap v4-based contracts

  • Funds lost: ~ $1.33M USDC and $1.04M USDT, total ≈ $2.4M.

  • Response: All Bunni smart contract functions paused; withdraw funds and monitor official COINOTAG updates.

Bunni exploit: $2.4M drained in stablecoins after LDF rebalancing bug. Bunni paused contracts; withdraw funds now. Read analysis, expert commentary and next steps.

What is the Bunni exploit?

The Bunni exploit is an onchain attack that manipulated Bunni’s custom Liquidity Distribution Function (LDF) rebalancing logic, allowing an attacker to force incorrect liquidity-provider (LP) share calculations and drain roughly $2.4 million in stablecoins from Ethereum-based contracts.

How did the attacker manipulate the LDF and rebalancing logic?

Early technical analysis shows the attacker executed trades of specific sizes that triggered faulty LDF rebalancing calculations. The custom LDF, built on Uniswap v4 primitives, computed LP entitlements incorrectly when fed edge-case trade sizes, allowing gradual extraction without immediate alarms.

The attacker repeated the exploit multiple times, moving funds to a single address holding ~ $1.33M USDC and ~ $1.04M USDT. Security researchers and developers, including Victor Tran (co‑founder, KyberNetwork), identified the manipulation pattern onchain.

[Image] Experts ask Bunni users to remove funds. Source: Michael Bentley

When did Bunni detect and respond to the exploit?

Bunni’s team confirmed the security exploit on X and paused all smart contract functions across networks as a precaution. The pause aims to prevent further unauthorized withdrawals while an internal investigation and post‑mortem proceed.

What funds were affected and how large was the loss?

Onchain analysis shows the exploit drained approximately $2.37 million in stablecoins: ~ $1.33M in USDC and ~ $1.04M in USDT. These figures are aggregated from blockchain trace data and from public security-firm reports shared via community posts.

Security monitoring firms noted the attack fits a growing pattern of protocol-level logic manipulation rather than simple private key compromise.

[Image] Attacker exploits Bunni’s liquidity function. Source: Victor Tran

How should affected users respond now?

If you have funds on Bunni, withdraw immediately to a secure wallet under your control. Paused contracts prevent normal operations; withdrawing (where available) reduces exposure while the team investigates.

Recommended steps:

  1. Withdraw funds to a self-custodial wallet you control.
  2. Revoke any unnecessary token approvals using a trusted wallet interface.
  3. Monitor the affected contract addresses and follow official COINOTAG updates.
  4. Do not interact with unverified recovery tools or services; prefer official team guidance.

Why does this exploit matter for DeFi security?

This incident highlights risks in custom protocol logic: replacing widely audited primitives (Uniswap defaults) with bespoke mechanisms like the LDF can introduce edge-case vulnerabilities. The incident underscores the need for thorough formal verification and multi-party audits for novel liquidity algorithms.

What broader trends do security firms report?

August saw crypto thefts exceed $163 million across multiple incidents, a rise versus July. Firms such as PeckShield reported attackers shifting tactics toward higher-value targets and protocol logic exploits, increasing the importance of robust smart contract design and incident response planning.

Frequently Asked Questions

How long will Bunni contracts remain paused?

Pause duration depends on the investigation timeline. Bunni’s team paused contracts immediately; they will provide updates as root-cause analysis and potential fixes progress. Monitor COINOTAG and official Bunni announcements.

Can drained funds be recovered?

Fund recovery depends on attacker behavior and possible legal or onchain remedies. Recovery is uncertain; protocols sometimes coordinate with exchanges and security firms, but outcomes vary by case.

Key Takeaways

  • Exploit mechanics: LDF rebalancing logic on Uniswap v4-based contracts was manipulated.
  • Immediate impact: ≈ $2.37M in USDC and USDT drained; contracts paused.
  • User action: Withdraw funds, revoke approvals, monitor official COINOTAG updates, and follow security guidance.

Conclusion

This Bunni exploit demonstrates the risks of bespoke liquidity logic in decentralized exchanges. Bunni exploit victims should act quickly to withdraw and secure funds while teams complete a post‑mortem. Expect further technical details and remediation steps from the Bunni team and security researchers in the coming days.

Published: 2025-09-02 · Updated: 2025-09-02 · Author: COINOTAG
