In another blow to the decentralized finance (DeFi) sector, Bunni DEX, a Uniswap V4-based decentralized exchange, has announced its permanent shutdown following an $8.4 million exploit that crippled its operations. The team cited an inability to cover relaunch and audit costs, marking one of the most significant DeFi collapses of 2025.
The exploit, which occurred on September 2, targeted Bunni’s Liquidity Distribution Function (LDF), a custom mechanism designed to optimize liquidity for traders.
Hackers used flash loans to manipulate internal calculations, triggering rounding errors that allowed them to drain funds across Ethereum and Unichain networks. Despite prior audits by Trail of Bits and Cyfrin, the logic-level flaw went undetected.
Users Allowed Withdrawals, But Recovery Looks Grim
Before the attack, Bunni had rapidly grown from $2.2 million to nearly $80 million in total value locked (TVL), according to DeFiLlama data. However, the breach erased months of progress in a matter of seconds.
Following the hack, Bunni’s team halted operations, paused all smart contracts, and urged users to withdraw their remaining assets “until further notice.” Remaining treasury funds will be redistributed to BUNNI, LIT, and veBUNNI tokenholders, with the team pledging to exclude themselves from the compensation process.
“The recent exploit has forced Bunni’s growth to a halt,” the team posted on X. “To securely relaunch, we’d need six to seven figures for audits and monitoring, capital that we simply don’t have.”
In a final act before winding down, Bunni relicensed its v2 smart contracts from Business Source License (BUSL) to MIT, opening its technology, including liquidity distribution functions, surge fees, and autonomous rebalancing, to other developers in the DeFi ecosystem.
ETH's price trends sideways on the daily chart. Source: ETHUSD on Tradingview
The Broader Impact on DeFi Security
Bunni’s collapse spotlights a growing security crisis in DeFi, which has already seen over $3.1 billion lost to exploits in 2025 alone, according to Hacken’s report. The incident highlights the dangers of deploying custom smart contract logic without sufficient financial and technical safeguards.
Industry experts warn that the event could usher in a new era of cautious innovation, where developers prioritize comprehensive audits, real-time monitoring, and stricter bug bounty programs.
For users, the Bunni exploit serves as a stark reminder: in the high-yield world of decentralized finance, trust and transparency remain as valuable as the tokens themselves.
Cover image from ChatGPT, ETHUSD chart from Tradingview
Related Posts
