Bunni DEX, a decentralized exchange known for providing users with liquidity, has announced today that it is shutting down operations following a major exploit in September that drained over $8.4 million from user funds.
How the Hack Happened
According to previous reports, the hack targeted the exchange's Ethereum and Unichain smart contracts after taking advantage of a flaw in the Liquidity Distribution Function. This flaw allowed the attackers to withdraw more assets than they were entitled to through flash loan manipulation and rounding errors.
The team announced that this shutdown would halt the firm’s growth. They also explained that restarting safely would require six to seven figures in audits and monitoring, expenses they cannot afford.
“Hello everyone, it is with saddened hearts that we announce the shutdown of Bunni,” the team wrote. They further explained that months of work and business effort would also be needed to restore the platform, but currently, these resources are unavailable.
Hello everyone, it is with saddened hearts that we announce the shutdown of Bunni.
— Bunni (@bunni_xyz) October 23, 2025
The recent exploit has forced Bunni's growth to a halt, and in order to securely relaunch we'd need to pay 6-7 figures in audit & monitoring expenses alone – requiring capital that we simply don't…
The exploit primarily drained USDC and USDT before the team froze contract operations. A 10% bounty was offered to recover the funds, but the attacker never responded. Audits by Trail of Bits and Cyfrin had taken place earlier, but the flaw was classified as a “logic-level” issue rather than an implementation error.
Since the hack, Bunni’s total value locked has fallen from over $60 million to nearly zero. Trading and development activity stopped completely, leaving the platform inactive.
However, users can still withdraw assets through the Bunni website until further notice. The team also plans to distribute the remaining treasury assets to BUNNI, LIT, and veBUNNI holders after a legal process is completed. Team members are excluded from this distribution.
Bunni’s Legacy and Open Access
In addition to this, Bunni also changed the license of its v2 smart contracts from BUSL to MIT. This change allows other developers to use Bunni’s ideas, such as Liquidity Distribution Functions (LDFs), surge fees, and automatic rebalancing, for free. The team stated they are still cooperating with law enforcement to attempt the recovery of the stolen funds.
The shutdown adds to a challenging year for blockchain security, which has seen over $3.1 billion lost to hacks and exploits in 2025, according to Hacken’s report.