Bunni DEX Exploiter Drains $2.3M From Ethereum Pools

The team paused all smart contracts as a precaution and said investigations are underway, with updates to follow.

Business Sep 2, 2025 0 1 Add to Reading List

Bunni DEX Exploiter Drains $2.3M From Ethereum Pools

Decentralized trading platform Bunni has been hit by a major exploit that drained around $2.3 million worth of funds, on-chain analysts confirmed today.

The breach, detected by blockchain security firm BlockSec, targeted vulnerabilities in Bunni’s Ethereum-based smart contracts.

ALERT! Our system detected a suspicious transaction targeting @bunni_xyz ’s contract on #Ethereum, and the loss is ~$2.3M. Please take actions ASAP.
— BlockSec Phalcon (@Phalcon_xyz) September 2, 2025

While the exact technique used by the attacker has not been made public, transaction data shows that funds were moved to the wallet address “0xE04…64f2b.” This address currently holds about $1.33 million in USDC and $1.04 million in USDT.

News of the exploit spread quickly after a Bunni core contributor, who goes by ‘@Psaul26ix’ on X, warned users to act fast. “If you have money on [Bunni], remove it ASAP,” the contributor posted, adding urgency as the attack unfolded.

Immediate Response And Broader Impact

The platform acknowledged the incident at 3:04 a.m. ET. in a post on X. “The Bunni app has been affected by a security exploit,” the statement read. “As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon.”

Built on Uniswap V4, Bunni offers decentralized trading with features designed to improve returns for liquidity providers through adaptive pools and incentive tokens. Those operations are now on hold while developers assess the damage.

Although reports initially suggested the exploit touched both Ethereum and UniChain, Ethereum appears to have been the primary target. In recent months, DeFi has seen a string of similar incidents, underlining just how vulnerable the sector becomes when security fails.

These platforms run on smart contracts, and a single overlooked flaw in the code can open the door to multi-million-dollar losses. Security researchers say the latest Bunni incident is a reminder that protocols must invest heavily in audits and monitoring to safeguard investor funds.

For now, users with assets in Bunni have been urged to withdraw their holdings until further notice. Investigations into the exploit are still ongoing.

Note: This is a developing story. More details are anticipated.