Uniswap v4’s Bunni decentralized exchange (DEX) was exploited on Ethereum and Unichain, with combined losses estimated at $8.4M.
Key Takeaways:
- ~$2.3M was drained on Ethereum; with earlier Unichain losses, total ~$8.4M.
- Exploit abused custom Liquidity Distribution Function (LDF).
- UNI trades ~$9.53; ETH ~$4,381; BTC ~$109,966.
Bunni, a DEX leveraging ideas from Uniswap v4 hooks, suffered an exploit that on-chain detectives say targeted its custom Liquidity Distribution Function (LDF), which is a mechanism designed to redistribute liquidity across price ranges more efficiently than standard automated market maker logic.
How the Exploit Unfolded
The attacker executed trades of specific sizes that caused the rebalancing calculation to misallocate shares, creating a drain vector repeatable over multiple transactions. In a recent post in X (formerly Twitter) of Kyber network co-founder Victor Tran, he describes how the faulty rebalancing produced wrong results for LP shares, and emphasized that the hacker has figured out that they could manipulate the LDF by “making trades of very specific sizes.”
Attackers manipulated Bunni’s LDF. Source: Victor Tran
Bunni’s team confirmed the incident and paused all smart contracts on all networks while the investigation proceeds. On Ethereum, funds were funneled into an address holding roughly $1.33M in USDC and $1.04M in USDT shortly after the attack; security firm CertiK separately tallied combined losses of ~$8.4M when adding a prior Unichain exploit involving Bunni. Euler Finance’s CEO Michael Bentley noted that Euler itself was not impacted, even though Bunni channels liquidity through Euler for certain strategies.
UNI Underperforms as Traders Weigh DeFi Risks
As of this writing, the broader crypto market has remained steady despite the exploit, though Uniswap’s native token UNI has seen underperforming compared to major assets.
Currently, UNI is trading around $9.53, down 0.5% over the past 24 hours with an intraday range of $9.16 to $9.63. While RSI (14) at 41.5 suggests neutral momentum, it sees weakening pressure on the downside.
Meanwhile, ETH is trading at approximately $4,381.39, down 0.6% in the day with trading range of $4,238.45-$4,420.33. BTC, on the other hand is trading around $109,966, up 1.2% in the day after falling below $107,500 area while reaching intraday highs of approximately $110,641.
Why the Incident Raises DeFi Red Flags
The Bunni exploit underscores the double-edged nature of DeFi innovation. By extending Uniswap’s core architecture with custom “hooks,” developers can design new automated market maker features, but these same modifications can introduce unforeseen vulnerabilities.
Bunni’s presence on both Ethereum and Unichain further complicate security, as a single flawed logic module can be exploited in multiple environments. For crypto investors and portfolio managers, this highlights that even projects connected to reputable ecosystems carry significant smart contract risk.
What’s Next for Bunni and UNI Holders
Bunni all activity is currently at pause as engineers investigate the exploit and prepare a post-mortem, The team is expected to publicize details on the vulnerability, recovery options, and security fixes before going back at operations.
For UNI holders, the market impact remains limited for now. If no further issues surface, UNI’s price could stabilize, but prolonged uncertainty around Bunni may weigh on sentiment in the short term.
Summary
Bunni DEX was exploited for $8.4M across Ethereum + Unichain via faulty liquidity logic. Bunni paused contracts; funds landed in attacker wallets. UNI fell modestly (~$9.53), underperforming majors.
Exploit highlights smart contract risks of custom AMM hooks. Resolution speed and transparency will shape UNI sentiment.
