{"id":45405,"date":"2025-09-03T02:46:40","date_gmt":"2025-09-03T02:46:40","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=45405"},"modified":"2025-09-03T02:46:40","modified_gmt":"2025-09-03T02:46:40","slug":"bunnixyz-halts-contracts-after-8-4-million-defi-exploit","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=45405","title":{"rendered":"BunniXYZ Halts Contracts After $8.4 Million DeFi Exploit"},"content":{"rendered":"<div>\n<p><span data-preserver-spaces=\"true\">BunniXYZ, a decentralized exchange built on top of Uniswap v4, has hit pause across all its smart contracts following a serious exploit that drained around $8.4 million in user funds. The project had been gaining early momentum, with nearly $50 million in Total Value Locked before the attack hit.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">Exploit Took Advantage of Custom Liquidity Logic<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">The exploit targeted <\/span><span data-preserver-spaces=\"true\">BunniXYZ\u2019s<\/span><span data-preserver-spaces=\"true\"> Liquidity Distribution Function, a custom feature designed to optimize how liquidity <\/span><span data-preserver-spaces=\"true\">is spread<\/span><span data-preserver-spaces=\"true\"> across trading ranges. Attackers figured out how to manipulate this system by submitting trades of precise sizes that triggered faulty rebalancing. <\/span><span data-preserver-spaces=\"true\">This<\/span><span data-preserver-spaces=\"true\"> gave them access to more tokens than should have been available. Most of the funds <\/span><span data-preserver-spaces=\"true\">were taken<\/span><span data-preserver-spaces=\"true\"> from deployments on Unichain, with the rest coming from Ethereum.<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">1. Bunni is a liquidity hook that runs on top of UniswapV4. Instead of using UniswapV4\u2019s normal system, Bunni has its own liquidity curve called LDF (Liquidity Distribution Function).<\/p>\n<p>2. After each trade, Bunni checks if its LDF curve has changed since the last trade. If it has,\u2026 <a href=\"https:\/\/t.co\/uCSWXyuAt2\" rel=\"nofollow\" target=\"_blank\">https:\/\/t.co\/uCSWXyuAt2<\/a><\/p>\n<p>\u2014 Victor Tran (@vutran54) <a href=\"https:\/\/twitter.com\/vutran54\/status\/1962770733769367780?ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">September 2, 2025<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2><span data-preserver-spaces=\"true\">Response Was Immediate and Direct<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">The BunniXYZ team reacted fast. They froze contracts across supported networks and advised users to pull their funds for safety. The project is now in full investigation mode, working with auditors to pinpoint the bug and decide next steps. A timeline for returning to normal operations <\/span><span data-preserver-spaces=\"true\">hasn\u2019t<\/span> <span data-preserver-spaces=\"true\">been announced<\/span><span data-preserver-spaces=\"true\"> yet, but safety and transparency appear to be the focus for now.<\/span><\/p>\n<p><strong>DISCOVER: <a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/new-cryptocurrency\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\">Best New Cryptocurrencies to Invest in 2025<\/a><\/strong><\/p>\n<h2><span data-preserver-spaces=\"true\">A Promising Start Cut Short<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">BunniXYZ had built its protocol around Uniswap v4 but added its own flavor. The <\/span><span data-preserver-spaces=\"true\">platform\u2019s<\/span><span data-preserver-spaces=\"true\"> liquidity curves allowed for more customization and efficiency in trading positions. That extra flexibility introduced new risks. <\/span><span data-preserver-spaces=\"true\">The exploit <\/span><span data-preserver-spaces=\"true\">shows<\/span><span data-preserver-spaces=\"true\"> how even <\/span><span data-preserver-spaces=\"true\">small<\/span><span data-preserver-spaces=\"true\"> logic changes in DeFi can <\/span><span data-preserver-spaces=\"true\">open <\/span><span data-preserver-spaces=\"true\">big<\/span><span data-preserver-spaces=\"true\"> vulnerabilities if not rigorously tested under <\/span><span data-preserver-spaces=\"true\">real<\/span><span data-preserver-spaces=\"true\"> conditions.<\/span><\/p>\n<div class=\"cpp-crypto-chart cpp-crypto-chart-99btc cpp-crypto-chart-uni\" data-coin-symbol=\"uni\" data-price-usd=\"UNI Price (USD)\" data-main-color=\"#4caf05\" data-watermark-image=\"https:\/\/99bitcoins.com\/wp-content\/uploads\/2025\/06\/99bitcoins-logo.png\" data-chart-style=\"99btc\">\n<div class=\"cpp-chart-top-section\">\n<div class=\"cpp-chart-info-section\">\n<div class=\"cpp-chart-coin-details\">\n<div class=\"cpp-chart-labels-row\">\n<div class=\"cpp-chart-coin-name\">Uniswap<\/div>\n<div class=\"cpp-chart-price-info\">Price<\/div>\n<div class=\"cpp-chart-market-cap\">Market Cap<\/div>\n<\/div>\n<div class=\"cpp-chart-values-row\">\n<div class=\"cpp-chart-coin-symbol\">UNI<\/div>\n<div class=\"cpp-chart-price\"><\/div>\n<div class=\"cpp-chart-market-cap-value\">$6.02B<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"cpp-chart-selectors cpp-chart-selectors-99btc\"><span class=\"cpp-chart-selector\" data-period=\"24h\">24h<\/span><span class=\"cpp-chart-selector\" data-period=\"7d\">7d<\/span><span class=\"cpp-chart-selector\" data-period=\"30d\">30d<\/span><span class=\"cpp-chart-selector\" data-period=\"1y\">1y<\/span><span class=\"cpp-chart-selector\" data-period=\"all_time\">All time<\/span><\/div>\n<\/div>\n<p><canvas id=\"cpp-chart-68b799d00f6df\" class=\"cpp-chart-container cpp-chart-container-99btc\"><\/canvas><\/div>\n<h2><span data-preserver-spaces=\"true\">DeFi Security Remains a Tough Puzzle<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">This incident highlights a familiar problem across the DeFi space. <\/span><span data-preserver-spaces=\"true\">New features <\/span><span data-preserver-spaces=\"true\">tend to<\/span><span data-preserver-spaces=\"true\"> come with new risks.<\/span><span data-preserver-spaces=\"true\"> Projects often race to deploy innovation, but without thorough checks, things can go sideways quickly. <\/span><span data-preserver-spaces=\"true\">BunniXYZ\u2019s<\/span><span data-preserver-spaces=\"true\"> situation adds another chapter to the long list of high-value exploits that have shaken confidence in smaller protocols.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">Repairs Are Underway<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">The developers are reviewing what went wrong and are likely rewriting parts of the liquidity logic. A full post-mortem <\/span><span data-preserver-spaces=\"true\">is expected<\/span><span data-preserver-spaces=\"true\"> once everything is verified. <\/span><span data-preserver-spaces=\"true\">The community has <\/span><span data-preserver-spaces=\"true\">been <\/span><span data-preserver-spaces=\"true\">told<\/span><span data-preserver-spaces=\"true\"> to <\/span><span data-preserver-spaces=\"true\">stay alert<\/span><span data-preserver-spaces=\"true\"> and <\/span><span data-preserver-spaces=\"true\">wait for<\/span><span data-preserver-spaces=\"true\"> updates before <\/span><span data-preserver-spaces=\"true\">interacting<\/span><span data-preserver-spaces=\"true\"> with contracts again.<\/span><span data-preserver-spaces=\"true\"> This kind of reset, while painful, gives projects a chance to rebuild smarter.<\/span><\/p>\n<p><strong>DISCOVER: <a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/next-crypto-to-explode\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\">20+ Next Crypto to Explode in 2025<\/a><\/strong><\/p>\n<h2><span data-preserver-spaces=\"true\">A Learning Moment for the DeFi Space<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">When new tech rolls out in DeFi, the spotlight turns to how well <\/span><span data-preserver-spaces=\"true\">it\u2019s<\/span><span data-preserver-spaces=\"true\"> built<\/span><span data-preserver-spaces=\"true\">. <\/span><span data-preserver-spaces=\"true\">BunniXYZ\u2019s<\/span><span data-preserver-spaces=\"true\"> experience might encourage other teams to hold off on customizations until <\/span><span data-preserver-spaces=\"true\">they\u2019ve<\/span><span data-preserver-spaces=\"true\"> gone through multiple rounds of peer review and stress testing. <\/span><span data-preserver-spaces=\"true\">Projects that <\/span><span data-preserver-spaces=\"true\">add<\/span><span data-preserver-spaces=\"true\"> novel liquidity features <\/span><span data-preserver-spaces=\"true\">need to remember that <\/span><span data-preserver-spaces=\"true\">the<\/span><span data-preserver-spaces=\"true\"> risk <\/span><span data-preserver-spaces=\"true\">grows<\/span><span data-preserver-spaces=\"true\"> with <\/span><span data-preserver-spaces=\"true\">every<\/span><span data-preserver-spaces=\"true\"> layer <\/span><span data-preserver-spaces=\"true\">added<\/span><span data-preserver-spaces=\"true\">.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">What Happens Next<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">BunniXYZ will likely return, but with stronger safeguards in place. This exploit may also spark more debate around protocol design and modular safety features in the next wave of DeFi tools. If anything, the space is learning in real time, one exploit at a time.<\/span><\/p>\n<p><strong><span data-preserver-spaces=\"true\">DISCOVER:\u00a0<\/span><a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/next-crypto-to-explode\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\"><span data-preserver-spaces=\"true\">20+ Next Crypto to Explode in 2025\u00a0<\/span><\/a><\/strong><\/p>\n<p><strong><a class=\"general-link\" href=\"https:\/\/discord.gg\/B7Uk6agkqj\" target=\"_blank\" rel=\"nofollow noopener\"><span data-preserver-spaces=\"true\">Join The 99Bitcoins News Discord Here For The Latest Market Updates<\/span><\/a><\/strong><\/p>\n<div class=\"nnbtc-key-takeaways\">\n<h2 class=\"nnbtc-key-takeaways__title\">Key Takeaways<\/h2>\n<ul class=\"nnbtc-key-takeaways__list\">\n<li class=\"nnbtc-key-takeaways__list-item\">\n        BunniXYZ paused all smart contracts after a targeted exploit drained $8.4 million in funds from Unichain and Ethereum deployments.    <\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Attackers manipulated the Liquidity Distribution Function, a custom feature meant to optimize trading ranges.    <\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        The team acted quickly by freezing contracts and advising users to withdraw funds while a full investigation is underway.    <\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        The exploit underscores the risks of custom DeFi features and the need for stronger pre-deployment testing.    <\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        A full post-mortem is expected, with the protocol likely returning after major security upgrades and rewrites.    <\/li>\n<\/ul><\/div>\n<p>The post <a href=\"https:\/\/99bitcoins.com\/news\/altcoins\/bunnixyz-loses-8-4m-in-defi-exploit-halts-smart-contracts\/\">BunniXYZ Halts Contracts After $8.4 Million DeFi Exploit<\/a> appeared first on <a href=\"https:\/\/99bitcoins.com\/\">99Bitcoins<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>BunniXYZ, a decentralized exchange built on top of Uniswap v4, has hit pause across all its smart contracts following a serious exploit that drained around $8.4 million in user funds. The project had been gaining early momentum, with nearly $50 million in Total Value Locked before the attack hit. Exploit Took Advantage of Custom Liquidity [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-45405","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/45405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=45405"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/45405\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=45405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=45405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=45405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}