Bunni DEX Shuts Down After $8.4M Exploit, Highlighting the Growing Toll of DeFi Hacks

The world's cutest decentralized exchange, Bunni DEX, is facing a harsh reality, after announcing that it will be shutting down operations following an $8.4 million exploit in September, becoming the second DeFi project this week to fold under the pressure of mounting security breaches and financial strain.

In a post on X on Thursday, the Bunni team described how the project has been facing tremendous financial pressure after the hack, citing the enormous costs associated with auditing, monitoring, and relaunching the protocol after the exploit.

“The recent exploit has forced Bunni’s growth to a halt, and in order to securely relaunch, we’d need to pay six to seven figures in audit and monitoring expenses alone — requiring capital that we simply don’t have.”

The announcement marks a somber end for one of DeFi’s most promising liquidity platforms, which had grown rapidly in 2025. According to DefiLlama, Bunni’s total value locked (TVL) surged from just $2.23 million in June to nearly $80 million by August, before the exploit halted its rise.

The Attack That Halted Bunni’s Momentum

The September 2 exploit drained $8.4 million from Bunni’s liquidity pools across Ethereum and Layer-2 network Unichain, forcing the team to halt operations. A subsequent investigation found that malicious actors exploited vulnerabilities in Bunni’s custom codebase.

Built atop Uniswap v4, Bunni was designed to enhance liquidity efficiency through its proprietary Liquidity Distribution Function (LDF) — a mechanism intended to automatically optimize yield for liquidity providers.

However, this complexity ultimately became the cause of its demise as the attackers have reportedly manipulated the LDF curve to trigger faulty rebalancing logic, ultimately draining the protocol without setting off security alerts.

Following the incident, Bunni offered the attacker a 10% white-hat bounty to return the stolen funds. But these efforts were to no avail as these efforts were only met with radio silence from the hackers.

Bunni's Final Act Of Defiance

Despite shutting down, Bunni’s final act has been met with praise across the developer community. In what the team described as an effort to “let innovation live on,” they have relicensed the Bunni v2 smart contracts from a Business Source License to an MIT open-source license, allowing developers to freely build upon its codebase.

This move effectively turns Bunni’s innovations — such as its liquidity distribution functions, surge fees, and autonomous rebalancing mechanisms — into open resources for the wider DeFi ecosystem.

The team has also called users to withdraw their remaining assets from the platform while they still can. The remaining treasury assets will be distributed to BUNNI, LIT, and veBUNNI tokenholders once legal approvals are complete. Notably, team members will not receive any compensation from the remaining funds.

For now, Bunni said it continues to work with law enforcement to recover the stolen $8.4 million.

DeFi Faces Another Blow

Bunni’s closure follows closely on the heels of Layer-1 blockchain Kadena’s founding team, which also announced this week that it would cease operations amid harsh market conditions.

While Kadena’s network will continue as a community-led project, the twin announcements have cast a shadow over the DeFi and blockchain sector, where project shutdowns are increasingly tied to security exploits and funding shortfalls.

These back-to-back closures highlight the deepening fragility of the DeFi landscape. Despite billions of dollars in total value locked across protocols, many teams remain under-resourced to defend against sophisticated attacks — a problem compounded by the rising cost of audits and the complexity of custom smart contract designs.

For Bunni, the end of operations might not spell the end of its impact. By open-sourcing its code, the project leaves behind tools that may yet strengthen the ecosystem it once served — even as its own fall stands as a stark reminder of the risks that continue to plague decentralized finance.