Bunni DEX Loses $8.4 Million in Sophisticated Smart Contract Attack
The post Bunni DEX Loses $8.4 Million in Sophisticated Smart Contract Attack appeared on BitcoinEthereumNews.com. Bunni DEX, a cutting-edge decentralized exchange built on Uniswap v4, fell victim to a major security breach on September 2, 2025. Hackers drained an estimated $8.4 million from the platform by exploiting a vulnerability in its custom liquidity management system. The attack targeted Bunni’s innovative Liquidity Distribution Function (LDF), a specialized mechanism the platform uses instead of standard Uniswap protocols. Within hours of detecting the breach, Bunni’s team suspended all smart contract operations across multiple blockchain networks as a safety measure. How the Attack Unfolded The exploit centered on Bunni’s custom LDF system, which manages how liquidity gets distributed across different price ranges. This system was designed to boost returns for liquidity providers, but hackers found a way to manipulate it. Victor Tran, co-founder of KyberNetwork, explained the attack method on social media. The hacker executed trades using very specific amounts that confused Bunni’s rebalancing calculations. These carefully chosen trade sizes caused the system to miscalculate how much each liquidity provider should own from the pool. By repeating this process multiple times, the attacker gradually withdrew more tokens than they were entitled to. The stolen funds totaled approximately $2.4 million from Ethereum and $6 million from Unichain, Uniswap’s layer-2 network. The hacker then moved all funds to Ethereum using the Across Protocol bridging system. Source: @bunni_xyz Security firm Hacken tracked the stolen assets to specific wallet addresses. The funds included $1.33 million in USDC and $1.04 million in USDT stablecoins, according to blockchain data. Bunni’s Response and Recovery Efforts Following the attack, Bunni took immediate action to protect remaining user funds. The team paused all smart contract functions across supported networks, including Ethereum, Base, Arbitrum, and BNB Smart Chain. Source: @bunni_xyz Core contributor @Psaul26ix urged users to withdraw their funds immediately. “If you have money on Bunni, remove it ASAP,”…
The post Bunni DEX Loses $8.4 Million in Sophisticated Smart Contract Attack appeared on BitcoinEthereumNews.com.
Bunni DEX, a cutting-edge decentralized exchange built on Uniswap v4, fell victim to a major security breach on September 2, 2025. Hackers drained an estimated $8.4 million from the platform by exploiting a vulnerability in its custom liquidity management system. The attack targeted Bunni’s innovative Liquidity Distribution Function (LDF), a specialized mechanism the platform uses instead of standard Uniswap protocols. Within hours of detecting the breach, Bunni’s team suspended all smart contract operations across multiple blockchain networks as a safety measure. How the Attack Unfolded The exploit centered on Bunni’s custom LDF system, which manages how liquidity gets distributed across different price ranges. This system was designed to boost returns for liquidity providers, but hackers found a way to manipulate it. Victor Tran, co-founder of KyberNetwork, explained the attack method on social media. The hacker executed trades using very specific amounts that confused Bunni’s rebalancing calculations. These carefully chosen trade sizes caused the system to miscalculate how much each liquidity provider should own from the pool. By repeating this process multiple times, the attacker gradually withdrew more tokens than they were entitled to. The stolen funds totaled approximately $2.4 million from Ethereum and $6 million from Unichain, Uniswap’s layer-2 network. The hacker then moved all funds to Ethereum using the Across Protocol bridging system. Source: @bunni_xyz Security firm Hacken tracked the stolen assets to specific wallet addresses. The funds included $1.33 million in USDC and $1.04 million in USDT stablecoins, according to blockchain data. Bunni’s Response and Recovery Efforts Following the attack, Bunni took immediate action to protect remaining user funds. The team paused all smart contract functions across supported networks, including Ethereum, Base, Arbitrum, and BNB Smart Chain. Source: @bunni_xyz Core contributor @Psaul26ix urged users to withdraw their funds immediately. “If you have money on Bunni, remove it ASAP,”…
What's Your Reaction?
