Bunni DEX Halts Smart Contracts After Exploit Drains $8.4M Across Chains
Decentralized exchange Bunni has temporarily suspended all smart contract operations following a major security incident impacting its core BunniHub contracts. According to initial assessments, the exploit resulted in estimated losses of around $8.4 million across Ethereum and Unichain networks. Investigators have traced the activity to two Ethereum wallet addresses that appear to be linked to the breach, raising concerns about the scale and sophistication of the attack.
The Bunni team confirmed that a full investigation is currently in progress to determine the exact cause and scope of the exploit. They assured users that further details will be shared once the facts become clearer. For now, operations remain halted as a precaution, with the project prioritizing user security and transparency throughout the recovery process.
Bunni DEX exploit drains $8.4M
Blockchain-security analysts report that the incident affected Bunni’s main contract system, BunniHub, with approximately $2.3 million siphoned on Ethereum and additional damage occurring on Unichain to bring aggregate losses near $8.4 million. The project has paused contracts across supported networks as a protective measure while forensics continue. In immediate market reaction, the BUNNI token slipped about 2.5% over the last 24 hours as traders priced in operational risk and uncertainty around remediation.
Bunni’s communication emphasizes user safety and transparency during the freeze. While the team has not published a full post-mortem, they have acknowledged tracing the stolen funds to two Ethereum wallets and are coordinating with security partners to assess scope, attack path, and potential recovery avenues.
What exactly was targeted?
The breach centered on BunniHub Bunni’s primary coordination layer rather than isolated pool contracts. Bunni is built on Uniswap v4 and relies on its “hooks” architecture, a plug-in model that customizes how pools, swaps, fees, and liquidity positions behave. That flexibility is powerful but expands the surface area for logic bugs or integration errors. Investigators are now reviewing hook interactions, permission boundaries, and upgrade paths to determine how the attacker escalated privileges or bypassed expected controls.
Impact on traders and LPs
With contracts paused, routine actions such as providing or removing liquidity, executing swaps via Bunni’s routers, or claiming fees may be unavailable until the team restores functionality. User funds held in self-custody wallets remain under user control, but smart contract-controlled flows are temporarily frozen. Liquidity providers should monitor official channels for guidance on when positions can be safely managed again and whether any specific pools require additional steps once contracts resume.
How the team is responding
The developers have suspended operations across all supported chains and are conducting on-chain tracing of the attacker addresses. Typical next steps may include outreach to exchanges to flag the wallets, negotiations with the exploiter if a white-hat path is plausible, and a comprehensive audit followed by patched deployments. A formal incident report is expected to cover the root cause, the precise attack sequence, and any restitution or bounty arrangements.
Market context and risk signals
Security incidents remain a persistent risk for DeFi protocols, particularly those shipping complex new primitives. Cross-chain exposure and customizable hooks demand rigorous testing, limits on privileged roles, and real-time monitoring. Investors should factor operational risk into position sizing and look for disclosures on circuit breakers, emergency pause authority, and insurance coverage.
Conclusion
Bunni has paused operations as a precaution while its team investigates the BunniHub breach and works on a structured recovery plan. Users are advised to wait for the official post-mortem, contract fixes, and a phased rollout of services to ensure stability and security.
In the bigger picture, this incident highlights the importance of carefully deploying advanced features such as hooks, along with implementing layered reviews and defense-in-depth strategies across multiple chains. The episode serves as a reminder that innovation in decentralized finance must be balanced with rigorous testing and protective measures to safeguard user assets.
FAQs
Q1. What happened in the Bunni DEX exploit drains $8.4M incident?
A . Attackers hit BunniHub, prompting a network-wide pause while losses estimated near $8.4M are traced to two Ethereum wallets.
Q2. Are user funds safe after the Bunni DEX exploit drains $8.4M?
A . Self-custodied assets are unaffected, but contract-controlled actions are paused pending a fix and post-mortem.
Q3. Which chains and features were impacted by the Bunni DEX exploit drains $8.4M?
A . Losses include ~$2.3M on Ethereum plus damage on Unichain; Bunni paused smart contract functions across supported networks.
Q4. What is Bunni’s link to Uniswap v4 in the Bunni DEX exploit drains $8.4M?
A . Bunni uses Uniswap v4 “hooks,” which customize pool and fee logic; investigators are reviewing hook interactions for flaws.
Q5. When will services resume after the Bunni DEX exploit drains $8.4M?
A . The team plans to publish a post-mortem and deploy patches before a phased restart; timelines depend on audit results.