The decentralized exchange Bunni faced a major security breach on September 2, 2025, resulting in a loss of approximately $2.3 million in stablecoins. The exploit was due to a flaw in Bunni’s smart contracts, specifically in its custom Liquidity Distribution Function (LDF). This vulnerability allowed an attacker to manipulate the contracts and drain funds from the exchange.
In response to the breach, Bunni took immediate action by halting all smart contract functions across all networks to prevent further losses. The exchange released a statement on X, notifying users of the security incident and assuring them that the team was actively investigating the breach.
Blockchain security firm BlockSec was quick to detect the suspicious activity and alerted the community about the exploit targeting Bunni’s contract on Ethereum. The attacker exploited the LDF by executing trades that skewed the pool’s rebalance logic, enabling them to withdraw more tokens than were actually available. Through this method, the attacker managed to siphon off approximately $2.3 million in stablecoins.
The stolen funds were consolidated into a single Ethereum wallet, holding $1.33 million in USDC and $1.04 million in USDT. This incident marked the first major DeFi exploit of September, following a series of high-profile hacks and exploits in August that resulted in losses totaling $163 million across 16 incidents.
The crypto industry has been grappling with mounting exploits and hacks in 2025, with total losses exceeding $3.1 billion in the first half of the year. August was particularly damaging, with significant breaches such as a social engineering attack targeting a Bitcoin whale and a breach at BtcTurk resulting in substantial losses.
Prior to the exploit, Bunni had been experiencing growth and success. The exchange had reached a local peak with $60 million locked in its vaults and trading volumes surpassing $1 billion in August. The security breach, however, highlighted the importance of robust security measures in the DeFi space to protect user funds and maintain trust in decentralized platforms.

