Bunni DEX Shuts Down, Cites Recovery Costs After $8.4M Exploit

Bunni DEX Shuts Down, Cites Recovery Costs After $8.4M Exploit

Bunni DEX has announced its shutdown following an $8.4 million exploit that drained liquidity across both Ethereum and Unichain. The attack compromised core contracts, leaving the platform unable to safely continue operations. While users can still withdraw their remaining funds, all trading and liquidity functions have been disabled.

According to the Bunni team, relaunching the decentralized exchange would demand extensive new audits, continuous monitoring, and several months of redevelopment—costs deemed too high to justify. Instead, the project will proceed with an orderly wind-down process to ensure transparency and user fund recovery. The team expressed regret over the incident and thanked the community for its support throughout Bunni’s operation.

Why Bunni is closing

Bunni said the resources needed to safely relaunch six- to seven-figure audit and monitoring costs plus months of engineering and BD are out of reach after the incident. The project will therefore discontinue operations rather than attempt a reboot.

What happened in the September exploit

On Sept. 2, 2025, attackers targeted BunniHub, the protocol’s main contract system, affecting deployments on Ethereum and Unichain. Analyses put combined losses at roughly $8.4M, with security firm CertiK tracing stolen funds to two Ethereum wallets. Early technical write-ups point to issues around custom liquidity logic rather than classic reentrancy.

Current user options and next steps

Bunni says withdrawals remain available via its website. The team plans to distribute remaining treasury assets to BUNNI, LIT and veBUNNI holders excluding team wallets subject to legal review and compliance checks. The project also intends to keep working with law enforcement to pursue the exploiter. The Crypto Times

Open-sourcing and what it means for developers

Although shuttering, Bunni has open-sourced its v2 contracts under the MIT license. That allows builders to reuse features such as surge fees, liquidity distribution functions and automated rebalancing in future designs ideally incorporating stronger safeguards informed by post-mortems.

About Unichain (the affected L2)

Unichain is Uniswap Labs’ Ethereum Layer-2 built on the OP Stack, optimized for DeFi throughput and lower fees; Bunni operated there as well as on Ethereum mainnet.

What this means for LPs and token holders

Liquidity providers and token holders should expect a formal process for treasury distribution, with eligibility likely based on snapshots or on-chain balances. Until details finalize, users should document positions and ensure all available withdrawals and claims are executed.

Bunni DEX shuts down after $8.4M exploit market impact

The closure underscores how custom DEX logic and novel hooks can expand attack surface if not exhaustively tested, and it may prompt other Uniswap v4-based projects to re-evaluate security budgets and monitoring.

Context & Analysis

The stated six- to seven-figure cost to relaunch highlights a structural challenge for emerging DeFi protocols: modern security programs (multiple audits, continuous monitoring, formal verification, bounty programs) can rival or exceed early treasury sizes. Projects deploying novel liquidity algorithms such as custom distribution/rebalancing face additional complexity and should budget accordingly before scaling TVL.

Conclusion

Bunni’s shutdown process will continue with withdrawals remaining open and a planned treasury distribution for community holders. The team aims to ensure a transparent exit, allowing users to reclaim assets and receive their share of remaining funds as part of the wind-down.

The project’s code will be released under the MIT license, giving developers the freedom to build new versions or related platforms. However, the focus across DeFi is now expected to shift toward stronger security frameworks, especially for upcoming Uniswap v4 integrations and new applications launching on Unichain and other Layer-2 networks.

FAQs

Q : What happened to Bunni?
A : Bunni is shutting down after a ~$8.4M exploit; the team says it cannot afford a secure relaunch.

Q : Which networks were affected?
A : Deployments on Ethereum and Unichain were impacted via the BunniHub contracts.

Q : Are withdrawals still open?
A : Yes. Users can withdraw via the website for now; details may change as the wind-down progresses.

Q : Who will receive remaining treasury funds?
A : BUNNI, LIT and veBUNNI holders (excluding the team), pending legal review.

Q : Did Bunni release its code?
A : Yes, Bunni open-sourced v2 contracts under the MIT license to help other developers.

Q : How does Unichain fit in?
A : Unichain is Uniswap Labs’ L2 for DeFi; part of the exploit activity occurred there.

Q : Does this mean Uniswap v4 hooks are unsafe?
A : Not categorically; the incident points to risks in custom logic and underscores the need for rigorous testing and audits.

Q : Is the exact phrase “Bunni DEX shuts down after $8.4M exploit” the official announcement?
A : It summarizes multiple reports confirming the shutdown decision and context.

Facts 

• Event
  Bunni DEX announces permanent shutdown following exploit

• Date/Time
  2025-10-23T14:26:00+05:00

• Entities
  Bunni (DEX); BunniHub (smart contracts); Unichain (L2 by Uniswap Labs); CertiK (security firm)

• Figures
  ~$8.4M total losses; security relaunch budget cited as “6–7 figures” (USD)

• Quotes
  “Thus, we have decided it’s best to shut down Bunni.” Bunni team (via X)

• Sources
  CoinDesk (shutdown) CoinDesk; CoinDesk (exploit details) CoinDesk