
Bunni DEX Halts Smart Contracts After Exploit Drains $8.4M Across Chains

The exploit targeted BunniHub, the protocol's main contract system, and the funds have been traced to two Ethereum wallets.

Sep 2, 2025, 8:46 a.m.

What to know:

  • Decentralized exchange Bunni paused all smart contract functions after a security breach drained an estimated $8.4 million in crypto.
  • The exploit targeted BunniHub, the protocol's main contract system, and the funds have been traced to two Ethereum wallets.
  • The BUNNI token is down 2.5% in the last 24 hours.

Bunni, a decentralized exchange built on Uniswap v4, paused all smart contract functions after a security breach drained an estimated $8.4 million in crypto.

Blockchain security firm CertiK said the exploit targeted BunniHub, Bunni’s main contract system, and resulted in $2.3 million in losses on Ethereum. An earlier attack on Uniswap Labs’ layer-2 network Unichain pushed total losses to around $8.4 million. The firm traced the stolen funds to two Ethereum wallets.

Bunni’s developers have suspended all contract operations across supported networks while they investigate the incident, according to a social media post.

“As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon. Thank you for your patience,” Bunni’s post reads.

The exchange runs on Uniswap v4's “hooks” feature, which Uniswap Labs CEO Hayden Adams described as “plugins to customize how pools, swaps, fees, and LP positions interact.”
