A flaw in Bunni’s smart contracts let an attacker steal around $2.3 million in stablecoins, forcing the decentralized exchange to halt all activity while it investigates the breach.
Summary
- Bunni DEX was exploited for about $2.3 million in stablecoins after an attacker manipulated its custom Liquidity Distribution Function.
- The stolen funds were consolidated into a single Ethereum wallet holding $1.33 million in USDC and $1.04 million in USDT.
- The incident follows a wave of August exploits that caused $163 million in losses, bringing 2025’s total losses above $3.1 billion.
The decentralized exchange Bunni suffered a security breach on Tuesday, September 2, 2025. The exchange announced the exploit via an X post, adding that it halted all smart contract functions across every network to prevent further damage.
“The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon.”
Blockchain security firm BlockSec was one of the first to flag the suspicious activity, noting that an attacker was exploiting a flaw in Bunni’s contracts to drain funds.
The attacker executed a series of carefully sized trades designed to exploit Bunni’s Liquidity Distribution Function (
Go to Source to See Full Article
Author: Grace Abidemi
