Breaking: Uniswap-Powered DEX Bunni Suffers $2.4M Exploit on Ethereum, Unichain

Key Insights:

• Decentralized exchange Bunni suffered a smart contract exploit as hackers manipulated its Liquidity Distribution Function (LDF).
• Blockchain security platforms SlowMist, PeckShieldAlert, and Certik expect $2.4 million lost in the hack.
• DeFi tokens suffered a broader fall, with Across Protocol dropping more than 5% as used it to swap funds.

Decentralized exchange Bunni, the first DEX built on top of Uniswap v4, on Tuesday said it has suffered a security exploit, confirming a pause of all smart contract functions on all networks.

According to blockchain security experts, the DEX has lost almost $2.4 million in crypto due to a smart contract exploit on Ethereum and Unichain.

Bunni DEX Loses $2.4 Million in Smart Contract Exploit

Uniswap v4-powered Bunni confirmed a security exploit impacted the decentralized exchange (DEX) on September 2. The team has started investigating the exploit and will provide updates on the losses, details on the exploit, and possible recovery.

The platform has paused all smart contract functions on all networks as a precautionary measure to prevent further loss of funds.

Blockchain security platforms SlowMist, PeckShieldAlert, and Certik revealed that a smart contract exploit has resulted in a loss of nearly $2.4 million. The platforms recommended that the crypto community stay away from trading on the decentralized exchange.

Hackers have transferred funds to 0xe04efd87f410e260cf940a3bcb8bc61f33464f2b.

In contrast, blockchain security firm Hacken revealed $8.4 million in total suffered by Bunni, $ $6 million on Unichain, and $2.4 million on Ethereum.

Half of the stolen funds on Unichain were swapped to ETH and bridged to Ethereum in 100 ETH bridge transactions through the cross-chain bridging platform Across Protocol.

DeFi Experts on the Bunni Hack

Michael Bentley, CEO of Euler Labs, said the exploit happened on Unichain and Ethereum networks. He suggested removing funds from Bunni, while confirming that Euler wasn’t impacted.

Other DeFi protocols, such as Falcon Finance, also confirmed that they are not impacted by the hack and are monitoring the situation closely.

Victor Tran, CEO of Kyber Network, explained the mechanism behind Bunni’s liquidity curve called the Liquidity Distribution Function (LDF). The DEX uses its own liquidity curve instead of Uniswap v4’s system.

Bunni checks for changes in its LDF curve after every trade. If changes occurred, the system calculates how much extra liquidity exists and requires rebalancing the pool to keep the right ratio of tokens.

Hackers manipulated this LDF by making specific-size trades. It caused the rebalancing calculation to break, giving wrong results for how much each LP share should own.

By repeating this process, the exploiter withdrew more tokens than they should have in normal circumstances, draining money from the pool. He said:

KEM FairFlow is safe and sound. As long as UniV4 is safe, it is safe. We don’t touch LP’s liquidity. Yet we can still accrue more value to them.

DeFi Tokens Fall

The exploit caused DeFi tokens to tumble by 2-5% in a few hours. Top tokens such as Uniswap and Aave dropped more than 2%, with nearly 1% fall in an hour.

UNI price was trading at $9.51, down 2.21% over the last 24 hours. Whereas, AAVE price slipped back to $310 after a more than 2.1% slump.

Across Protocol’s native token plunged more than 5% in the last 24 hours, with the price trading at $0.147 at the time of writing.

The 24-hour low and high were $0.141 and $0.1561, respectively. The trading volume increased by 18% in the last 24 hours.