DEX Bunni Suffers Smart Contract Attack, Losing $2,3 Million
- Bunni DEX Loses $2,3 Million in Stablecoins
- Exploitation occurred via a flaw in the Liquidity Distribution Function
- 2025 already totals more than US$3,1 billion in losses
Decentralized exchange Bunni confirmed it suffered a smart contract exploit that resulted in the loss of approximately $2,3 million in stablecoins. The attack, which occurred on September 2nd, led the exchange to suspend all smart contract functions on its networks as a precautionary measure.
"Our application has been affected by a security flaw. As a precaution, we have paused all smart contract functionality across all networks. Our team is actively investigating and will provide updates soon," Bunni said in a post on X.
🚨 The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon. Thank you for your patience.
— Bunni (@bunni_xyz) September 2, 2025
Security firm BlockSec was one of the first to detect the anomalous activity. The attacker exploited a vulnerability in the Liquidity Distribution Function (LDF), a unique Bunni feature designed to optimize allocation across different price ranges and enable more complex strategies than standard Uniswap.
ALERT! Our system detected a suspicious transaction targeting @bunni_xyz 's contract on #Ethereum , and the loss is ~$2.3M. Please take actions ASAP.
—BlockSec Phalcon (@Phalcon_xyz) September 2, 2025
The attack consisted of multiple transactions that distorted the pool rebalancing logic, allowing the withdrawal of more tokens than were available. After repeating the process several times, the attacker consolidated the funds into a single Ethereum wallet , now with $1,33 million in USDC and $1,04 million in USDT.
The incident comes at a crucial time for Bunni, which recently reached a total value locked of $60 million and surpassed $1 billion in trading volume in August. Launched in February, the platform operates on both Ethereum and Unichain, leveraging Uniswap V4 technology.
This was the first major attack on DeFi protocols in September, following an August marked by significant losses. Last month alone, 16 incidents resulted in losses totaling $163 million, including the theft of $91 million from a Bitcoin whale through social engineering and a $48 million attack on the Turkish exchange BtcTurk.
With the Bunni attack, accumulated losses in 2025 already exceed US$3,1 billion, surpassing the US$2,2 billion recorded in all of 2024 and reinforcing the security risks that still challenge the DeFi sector.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
From Spotlight to the Sidelines: The Bubble Burst of 8 Star VC-Backed Projects
Is it because the model is unsustainable, the ecosystem has yet to launch, the competitors are too strong, or is there simply insufficient market demand?
The Next "Black Swan": "Tariff Refund Mega Deal", Wall Street and Individual Investors Are Placing Bets
Individual investors are participating in this game through emerging prediction markets such as Kalshi and Polymarket.
Since the U.S. legislation in July, stablecoin usage has surged by 70%!
After the "Genius Act" was passed in the United States, stablecoin payment volumes surged, with August transactions exceeding 10 billion USD. Nearly two-thirds of this amount came from inter-company transfers, making it the main driving force.
BlackRock Shifts $500 Million Funds to Polygon Network
In Brief BlackRock transfers $500 million to Polygon, enhancing blockchain integration in finance. The move shows increased trust in blockchain-based financial structures. It indicates a trend towards decentralization and long-term structural change in finance.
Trending news
MoreCrypto prices
More
