
Bunni DEX hacked, around $8.4 million reported stolen

NEWS IN BRIEF
  • Bunni has confirmed the attack on X
  • The platform has halted all smart contracts as a precaution
  • Further updates on the attack and the identification of the hacker(s) are awaited

Decentralized exchange (DEX) Bunni suffered a major exploit on Tuesday, September 2. As a result of the hack, over $8.4 million in various crypto tokens was stolen, according to an alert from security firm CertiK.

The DEX's official X account, @bunni_xyz, confirmed the exploit, saying that its team is investigating the incident and will provide updates soon.

“The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks,” it posted.

Putting the total losses from this incident at $8.4 million, CertiK shared the addresses of the two Ethereum wallets that, it said, presently hold the stolen funds.

Viktor Tran, the co-founder and CEO of the Kyber Network, explained how the hacker may have carried out this attack.

“Bunni is a liquidity hook that runs on top of UniswapV4. Instead of using UniswapV4’s normal system, Bunni has its own liquidity curve called LDF (Liquidity Distribution Function). Exploiter figured out they could manipulate this LDF by making trades of very specific sizes,” Tran said.

Members of the Web3 security community have flooded social media with alerts and warnings following the attack. Michael Bentley, the co-founder and CEO of Euler Finance, asked people to remove their funds from Bunni as soon as possible. Bunni uses Euler Finance to channel liquidity through its lending feature.

Speculation that this attack was a “rug pull” has also started surfacing on social media. Last month, decentralized finance protocol CrediX also suffered an “exploit”, losing over $4.5 million in user funds. After the platform promised to compensate those who lost their funds, it went missing in action.

Security firms like QuillAudits and SlowMist have joined CertiK to track the stolen funds. The firms have asked crypto holders to stay vigilant.

Hacks continue to plague the crypto space. According to CertiK, crypto hacks and scams led to losses worth $153 million in the month of July alone.
