Bunni, a decentralized exchange (DEX) built on Uniswap V4, has fallen victim to a significant exploit, resulting in the loss of approximately $2.3 million. The breach, detected by blockchain security firm BlockSec on September 2, 2025, targeted vulnerabilities in Bunni’s Ethereum-based smart contracts. The attacker exploited a flaw in the platform's liquidity distribution mechanism, known as the Liquidity Distribution Function (LDF), to drain funds from the protocol.
ALERT! Our system detected a suspicious transaction targeting @bunni_xyz ’s contract on #Ethereum, and the loss is ~$2.3M. Please take actions ASAP.
— BlockSec Phalcon (@Phalcon_xyz) September 2, 2025
Exploit Details and Immediate Response
The attacker manipulated the LDF by executing multiple transactions of specific sizes, causing the system to miscalculate token distributions and allowing the hacker to withdraw more tokens than they were entitled to. The stolen funds, primarily in USDC and USDT stablecoins, were moved to the wallet address "0xe04…64f2b," which currently holds approximately $1.33 million in USDC and $1.04 million in USDT.
In response to the exploit, Bunni's team promptly paused all smart contract functions across all networks to prevent further losses. The platform acknowledged the incident on X at 3:04 a.m. ET.
🚨 The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon. Thank you for your patience.
— Bunni (@bunni_xyz) September 2, 2025
Impact on the DeFi Ecosystem
This incident highlights ongoing security challenges within the decentralized finance (DeFi) sector. While the loss of $2.3 million is significant, it is relatively small compared to other recent breaches in the industry. However, the exploit underscores the importance of robust smart contract auditing and security measures to protect user funds and maintain trust in DeFi platforms.
Market Reactions and Future Outlook
Following the breach, Ethereum's price experienced a minor 0.32% decline within 24 hours. Despite this short-term dip, Ethereum's 90-day price growth of 67.06% suggests broader market resilience. The Bunni exploit serves as a reminder of the vulnerabilities that remain within the DeFi space and the need for continuous improvement in security practices.
Matvii Diadkov
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.
