Decentralized exchange protocol Bunni has officially announced its shutdown after experiencing an $8.4 million exploit last month.
This marks the second crypto project to halt operations in October, following the Kadena Organization, which also decided to step back from its project amid ongoing challenges. Who knew building a blockchain was harder than finding a black hole in a galaxy of bad ideas?
The Bunni Hack: What Happened?
On September 2, an attacker stole $8.4 million from the Bunni exchange. In a detailed post-mortem report, the platform explained that the hacker exploited a rounding-direction bug in the smart contract’s withdrawal logic, using a combination of flashloans, micro-withdrawals, and sandwich attacks. It’s like the universe sneezed and accidentally deleted your savings.
The vulnerability allowed the attacker to artificially reduce and inflate the pool’s total liquidity, extracting profits from manipulated swaps. Bunni noted that two pools – weETH/ETH on Unichain and USDC/USDT on Ethereum – were affected. However, the largest pool, Unichain USDC/USD₮0, escaped exploitation due to insufficient flashloan liquidity. Because nothing says “financial security” like relying on a loan from thin air.
“This exploit was a horrible thing that’s been hard on Bunni’s users as well as our team. We’re a small team of 6 people who are passionately committed to building in DeFi-so passionate that we’ve now built a career in bankruptcy. We spent years of our lives and millions of dollars to launch Bunni, because we firmly believe it is the future of AMMs and will go on to process trillions of dollars in value,” the team wrote. (Spoiler: It’ll process exactly zero dollars now.)
DefiLlama data showed that after the hack, Bunni’s Total Value Locked (TVL) declined from $50.82 million to just $1.3 million in a month, marking a drop of 97.44%. That’s not a TVL-it’s a TVF (Total Value Funeral).
$8.4 Million Exploit Forces DEX to Halt Operations
Despite multiple attempts to recover from the incident, including a proposal to let the attacker keep 10% of the stolen funds if the rest was returned, the attempts proved unsuccessful. Because nothing says “trust” like offering a thief a cut of your life savings.
In a recent update, Bunni announced its decision to wind down operations, citing the heavy strain caused by the exploit. The team noted that relaunching would require comprehensive audits and constant monitoring, with estimated costs running hundreds of thousands to millions of dollars, which exceeded available capital. Classic! Run out of money, then run out of hope.
“It’d also take months of development & BD effort just to get Bunni back to where it was before the exploit, which we cannot afford. Thus, we have decided it’s best to shut down Bunni,” the announcement reads. (Translation: We’re done. Go cry in a corner.)
Bunni notified its users that they can withdraw funds through the website. Furthermore, based on a snapshot, the team plans to distribute the remaining treasury assets to BUNNI, LIT, and veBUNNI holders, excluding the team members. Because nothing says “fairness” like rewarding everyone except the people who just lost their jobs.
The distribution details will be released after the legal processes are completed. Meanwhile, the team is cooperating with law enforcement in attempts to recover the stolen funds. Good luck finding a digital thief who’s probably already buying a yacht with your life savings.
“The Bunni v2 smart contracts have been relicensed from BUSL to MIT, enabling everyone to utilize our innovations such as LDFs, surge fees, and autonomous rebalancing. We have pushed the AMM space forward by a generation, and it would be a shame if our efforts went to waste,” the team added. (Spoiler: They did. All of it. Welcome to the void.)
Crypto platforms and exchanges face mounting threats, with incidents like Bunni’s emphasizing the need for strong security. The industry lost $127.06 million in September, with 20 large-scale attacks recorded. DeFi’s latest contribution to the universe: a perfectly good idea that’s now a cautionary tale about the dangers of trusting smart contracts.
Besides security reasons, volatile market conditions have also forced platforms to leave the market. Yesterday, the Kadena organization ceased all business operations, leaving the Kadena blockchain to independent miners. Because nothing says “legacy” like abandoning your own blockchain to fend for itself.
Read More
- AWS crash causes $2,000 Smart Beds to overheat and get stuck upright
- Gold Rate Forecast
- When will Absolum have crossplay? It might take a while, but It’s on the horizon
- Brent Oil Forecast
- Actors Who Voiced the Most Disney Characters
- James Gunn Compares Supergirl to this MCU Crowdpleaser With a 92% RT Score
- Does Escape from Duckov have controller support? Here’s the full breakdown
- Battlefield 6 devs respond to Portal XP farms using up all the servers
- Shape of Dreams Best Builds Guide – Aurena, Shell, Bismuth & Nachia
- Only Murders in the Building Recap: Bodies, Bodies, Bodies
2025-10-23 12:03