Bunni DEX Suffers $2.3M Hack, Exposes Key DeFi Security Vulnerabilities

Decentralized exchange Bunni has suffered a $2.3M exploit on the Ethereum blockchain, per blockchain security scanner Blocksec ￰0￱ exploit occurred on Tuesday and appears to have been caused by unauthorized ￰1￱ attackers reportedly targeted Bunni’s Ethereum -based smart contracts, though the exact technique is yet to be disclosed. ALERT! Our system detected a suspicious transaction targeting @bunni_xyz ’s contract on #Ethereum , and the loss is ~$2.3M. Please take actions ASAP. — BlockSec Phalcon (@Phalcon_xyz) September 2, 2025 Per Etherscan , the perpetrators drained funds from the platform to the address 0xE04e… 64f2b, which held Aave Ethereum USDC and Aave Ethereum USDT ￰2￱ Protocol Pauses all Smart Contract Functions Soon after the initial flagging of the exploit, Bunni protocol posted on X that its team is investigating the breach.

“The Bunni app has been affected by a security ￰3￱ a precaution, we have paused all smart contract functions on all networks,” said Bunni. “Our team is actively investigating and will provide updates soon.” The Bunni app has been affected by a security ￰4￱ a precaution, we have paused all smart contract functions on all ￰5￱ team is actively investigating and will provide updates ￰6￱ you for your patience. — Bunni (@bunni_xyz) September 2, 2025 Bunni DEX allows users to trade crypto directly with each other, without the need for a central ￰7￱ platform relies heavily on smart contracts in order to facilitate ￰8￱ Bentley, Co-founder and CEO of Euler Labs, urged users to “remove funds from Bunni ASAP.” He added that Bunni rebalances funds in/out of Euler, assuring Euler is not affected or at ￰9￱ Exposes Smart Contract Security Risks Smart contracts, which work on blockchain networks, can be used for trading, managing financial transactions and ￰10￱ they are digital, smart contract security becomes ￰11￱ can come from various factors like code bugs, blockchain vulnerabilities, and programming language flaws, notes blockchain security auditor ￰12￱ 2023, smart contract vulnerabilities accounted for over $686 million in losses, said ￰13￱ from Apex, a DEX for derivatives trading, told Cryptonews that these vulnerabilities can be controlled by interacting “only with contracts audited by reputable firms.” Further, limiting token approval permissions can prevent wallet-draining exploits, they added.