$8.4 Million Hack Forces Bunni DEX to Shut Down
Decentralized exchange (DEX) Bunni announced its permanent closure following a major hack last month that resulted in losses totaling $8.4 million. The platform’s founders stated that the high costs associated with a secure relaunch—ranging in the six to seven figures for audits and monitoring—were beyond their financial capacity.
The attack exploited Bunni’s Liquidity Density Function (LDF) across two pools: weETH/ETH on Unichain and USDC/USDT on Ethereum. According to Bunni’s post-mortem report, the attacker drained funds by leveraging flash loans and manipulating pool prices, subsequently bridging the stolen assets to Ethereum.
Bunni’s team highlighted the complexity of recovering from the exploit, stating, “It’d also take months of development & BD effort just to get Bunni back to where it was before the exploit, which we cannot afford. Thus, we have decided it’s best to shut down Bunni.”
Hello everyone, it is with saddened hearts that we announce the shutdown of Bunni.
The recent exploit has forced Bunni's growth to a halt, and in order to securely relaunch we'd need to pay 6-7 figures in audit & monitoring expenses alone – requiring capital that we simply don't…— Bunni (@bunni_xyz) October 23, 2025Browse Posts
Users can still withdraw their funds via the platform’s website while the team completes legal proceedings to distribute the remaining treasury assets. Importantly, Bunni excluded its own members from any payouts during this process.
Industry experts emphasize the lessons from this event. Kadan Stadelmann, CTO of Komodo Platform, noted, “This hack shows the industry in no uncertain terms that custom liquidity logic needs exhaustive testing, as flash loans introduce low-risk exploits.” The attack involved a three-step process: flashloan swaps, numerous small withdrawals, and a sandwich attack to manipulate prices.
Flash loans, which allow borrowing large amounts without collateral within a single transaction, were key to the exploit. Dmitry Machikhin, CEO of BitOK, added, “Following the hack, it is highly likely the proceeds were layered across multiple chains to distance them from their illicit origin.”
In a positive move for the DeFi community, Bunni relicensed its v2 smart contracts from BUSL to MIT, allowing others to use innovations like LDFs, surge fees, and autonomous rebalancing. The team hopes these contributions will support broader ecosystem development.
[…] its simplest form, Kamino Finance is a DeFi protocol built upon the Solana blockchain that automates liquidity provision, lending, borrowing, […]