Bunni Ceases Operations Following Major Exploit
Bunni, a notable player in the decentralized finance (DeFi) sector, has made the difficult decision to cease operations following a significant exploit that resulted in the loss of over $8.4 million from user funds. Announced on October 23 via their official X account, the team detailed that the exploit had impeded their growth, ultimately making it financially unfeasible to relaunch the platform securely.
Details of the Exploit
The closure signifies the end of one of the more technically advanced exchanges designed on Uniswap (UNI) V4 hooks. The exploit occurred in early September when the platform’s primary Ethereum (ETH) and Unichain smart contracts fell victim to a breach. Hackers identified a weakness in the Liquidity Distribution Function, intended to enhance returns for liquidity providers, which allowed them to illicitly withdraw larger amounts of assets than they were legitimately entitled to through flash loan strategies and rounding mistakes.
In total, attackers siphoned approximately $8.4 million, predominantly in USDC and USDT, prompting the Bunni team to freeze contract operations.
Despite offering a 10% reward for the return of the funds, the perpetrator did not engage. Previous audits conducted by Trail of Bits and Cyfrin only classified the exploit as a “logic-level flaw,” not an implementation shortcoming.
Impact on Bunni and Users
Since the incident, Bunni’s total value locked has plummeted from over $60 million to virtually nothing, bringing trading and development to a standstill. In their statement about the shutdown, the team noted that a safe resumption of services would require “six to seven figures” for audit and monitoring, along with months of redevelopment pressures they could not shoulder.
While users can still retrieve their funds through the Bunni website, the redistribution of remaining treasury assets to holders of BUNNI, LIT, and veBUNNI will occur following the conclusion of legal processes, with team members excluded from this distribution.
Final Actions and Industry Implications
In a final gesture, Bunni has relicensed its version 2 smart contracts from the Business Source License (BUSL) to the MIT license, allowing other developers free access to its technologies, including the Liquidity Distribution Functions, surge fees, and autonomous rebalancing tools. The team is also collaborating with law enforcement in attempts to recover misappropriated funds.
This unfortunate exit from the industry compounds the challenges faced by blockchain security, as the current year has already witnessed over $3.1 billion lost to hacks and exploits.
