Decentralized Platform BunniXYZ Suffers $8.4 Million Loss Through Liquidity Manipulation

Decentralized Exchange (DEX) halts smart contract operations on its network, announcing an active investigation into the suspected attack, according to a recent statement.

In a shocking turn of events, the decentralized exchange BunniXYZ has reportedly lost $8.4 million due to a liquidity-based security exploit on September 2, 2025. This unfortunate incident was first observed by Victor Tran, co-founder of Kyber Network, and later confirmed by BunniXYZ.

The attackers are believed to have exploited vulnerabilities in Bunni's system, specifically targeting the Liquidity Density Function (LDF). This system, used to calculate extra liquidity within the exchange and rebalance its liquidity pool, was manipulated through trades of very specific sizes. As a result, the rebalancing calculation broke, producing incorrect results for how much each liquidity pool share should own.

The exploit resulted in the theft of $6 million via the Unichain blockchain and an additional $2.4 million via Ethereum. Interestingly, Bunni uses its own LDF instead of UniswapV4's normal system for liquidity distribution.

Following the incident, BunniXYZ has paused all smart contract activity on its network and is currently investigating the attack. Users have been advised to remove their funds from the platform, as suggested by Michael Bentley, co-founder of lending protocol Euler.

It's worth noting that this manipulation did not involve any specific bridge between blockchains, such as the Across Protocol. However, the Across Protocol was subsequently used to bridge Unichain funds to Ethereum after the exploit.

This incident comes at a time when the crypto world is still recovering from the aftermath of Euler's major exploit in 2023, where hackers stole nearly $200 million, with the bulk of the funds later recovered.

As of now, BunniXYZ has a cross-chain Total Value Locked (TVL) of just over $50 million according to DeFiLlama. The exact mechanism behind the attack on BunniXYZ is yet to be confirmed by the exchange.

For those interested in learning more about this incident, Victor Tran's tweet about the event can be found at this link: https://t.co/uCSWXyuAt2

Stay tuned for more updates as the investigation continues.
