$8.4 Million Vanished! Bunni Exchange Shuts Down Overnight, Users Desperate to Recover Funds

 

Bunni Exchange Permanently Shuts Down After $8.4 Million Hack — What Happens to Users’ Funds

In a stunning turn for decentralized finance (DeFi), Bunni Exchange — once a promising decentralized trading platform — has announced it will permanently close following an $8.4 million flash loan exploit. The decision marks one of the most notable DeFi collapses of 2025 and underscores ongoing vulnerabilities in custom liquidity logic that continue to plague the decentralized trading space.

The Bunni team cited high recovery costs, unsustainable development expenses, and long-term security risks as the primary reasons behind its decision to end operations. Despite the shutdown, developers have pledged to release their technology as open-source code, hoping their innovations will still contribute to the broader DeFi community.

What Happened to Bunni Exchange

Bunni Exchange confirmed in an official statement that the closure follows a severe attack that drained $8.4 million from its liquidity pools. The exploit occurred across two primary pools — the WeETH/ETH pool on Unichain and the USDC/USDT pool on Ethereum.

Source: Decryp Media X

According to the post-mortem report, the hacker executed a complex combination of flash loans, sandwich attacks, and micro-withdrawals to manipulate the exchange’s custom liquidity contracts.

Flash loans, a DeFi innovation allowing users to borrow large sums of cryptocurrency without collateral within a single transaction, were at the center of the attack. By exploiting price movements through sandwich attacks — where trades are front-run and back-run to manipulate token prices — the attacker successfully extracted millions in digital assets.

The funds were then bridged across multiple blockchains to obscure their origins, making recovery significantly more difficult.

In a statement released after the incident, Bunni’s development team said, “We have explored every possible avenue for recovery, but the costs, risks, and time required to relaunch the protocol securely are beyond our current capacity. This decision, though painful, is made in the best interest of user safety and transparency.”

Why Bunni Decided to Shut Down Permanently

Following the exploit, the exchange spent several weeks assessing options for relaunch. However, the financial toll of rebuilding proved insurmountable. The team explained that a full recovery would require six- to seven-figure funding for smart contract audits, infrastructure overhauls, and enhanced security monitoring.

Additionally, the small developer team lacked the manpower to manage an extended relaunch timeline, which could take months — or even longer — to restore user confidence.

“Security in DeFi isn’t cheap,” the statement continued. “To guarantee user protection, we would need extensive audits, external reviews, and constant on-chain monitoring. We cannot, in good conscience, relaunch without these safeguards.”

Rather than risk another potential exploit, the team decided that closing the exchange entirely was the safest option.

Despite the closure, Bunni’s core technologies — including Liquidity Density Functions (LDFs), surge fees, and autonomous pool rebalancing mechanisms — will be relicensed under open-source terms. This means developers across the DeFi ecosystem can continue building upon Bunni’s innovations, even after the exchange’s demise.

How the Hack Was Executed

According to blockchain analysis, the attacker initially flash-borrowed 3 million USDT to distort Bunni’s USDC/USDT pool prices. The manipulated price curve created arbitrage opportunities that the attacker immediately exploited by swapping between tokens and executing rapid withdrawals.

The attack relied on Bunni’s custom liquidity logic, which was designed to improve capital efficiency but inadvertently opened pathways for price manipulation.

Using a combination of sandwich attacks — where transactions are strategically placed before and after a victim’s trade — and small, repeated withdrawals, the attacker siphoned funds until both targeted pools were nearly drained.

The Bunni team acknowledged that their liquidity algorithm, while innovative, had not undergone sufficient external auditing or real-world stress testing. The incident, they said, highlights how critical it is for DeFi platforms to balance innovation with robust, independent security reviews before launch.

The Broader DeFi Implications

The Bunni exploit has reignited conversations about the risks of overengineering liquidity mechanisms in decentralized finance. As more DeFi projects compete to offer faster, more efficient trading systems, the pressure to innovate can lead to shortcuts in testing or insufficient auditing — mistakes that hackers are quick to exploit.

Experts warn that while flash loans and automated liquidity tools are powerful, they remain double-edged swords. Without proper safeguards, they can enable rapid, large-scale asset theft with no collateral at risk.

Security researchers have called for stronger standards in DeFi development, including mandatory code audits, bug bounties, and community stress tests before any smart contract is deployed.

Efforts to Recover Stolen Funds

After the attack, Bunni’s team immediately reached out to law enforcement agencies and blockchain security firms to track the stolen funds. The team offered a 10% bounty to the attacker — a common practice in DeFi — if the stolen crypto was returned voluntarily. However, the hacker has not responded to the offer.

Source: X

Although partial traces of the funds have been found across multiple chains, cross-chain obfuscation makes recovery challenging. The developers say they are committed to full transparency and will continue to provide updates as the investigation unfolds.

“We are working with several blockchain forensic partners to trace the movement of funds,” Bunni stated. “While the chances of full recovery are slim, accountability remains our priority.”

What Happens to User Assets

Despite the closure, the exchange has confirmed that users can still withdraw their funds from the official website until further notice. Any remaining assets in Bunni’s treasury will be distributed to BUNNI, LIT, and veBUNNI holders based on a snapshot taken before the exploit.

The team emphasized that team-owned tokens will be excluded from this distribution to ensure fairness for community members.

Legal verification of the process is ongoing, and users are advised to monitor official Bunni communication channels for updates on when and how distributions will take place.

In their final community statement, the developers reassured users that all remaining funds will be handled transparently, saying, “Even as we close this chapter, we are committed to integrity and fairness. Every remaining asset will be accounted for.”

Lessons for the DeFi Industry

Bunni’s closure serves as a cautionary tale for both developers and investors in the rapidly evolving DeFi space. While decentralized finance promises transparency and financial freedom, the sector remains vulnerable to highly sophisticated attacks.

Security analysts have pointed out that many DeFi projects still prioritize innovation speed over protection, leaving billions of dollars at risk. The Bunni exploit demonstrates that even technically advanced systems can fail without comprehensive audits and rigorous simulation testing.

As the DeFi ecosystem matures, projects are urged to adopt multi-layered security frameworks, regular third-party audits, and stronger emergency response protocols to minimize potential damage from future exploits.

The End of Bunni — But Not Its Legacy

Though Bunni Exchange will not return, its influence in DeFi innovation may endure. The team’s decision to relicense its core technologies could enable other developers to learn from its mistakes and improve liquidity optimization models across decentralized platforms.

In the long term, this event may even help strengthen DeFi by promoting more responsible innovation and better risk management practices.

For now, Bunni’s downfall serves as both a sobering reminder and a critical learning opportunity — a reflection of the high-stakes nature of decentralized finance and the balance between innovation and security.

Writer @Ellena

Erlin is an experienced crypto writer who loves to explore the intersection of blockchain technology and financial markets. She regularly provides insights into the latest trends and innovations in the digital currency space.

 

 Check out other news and articles on Google News

Disclaimer:

The articles published on hokanews are intended to provide up-to-date information on various topics, including cryptocurrency and technology news. The content on our site is not intended as an invitation to buy, sell, or invest in any assets. We encourage readers to conduct their own research and evaluation before making any investment or financial decisions.

hokanews is not responsible for any losses or damages that may arise from the use of information provided on this site. Investment decisions should be based on thorough research and advice from qualified financial advisors. Information on HokaNews may change without notice, and we do not guarantee the accuracy or completeness of the content published.