Decentralized Exchange BunniXYZ Loses $8.4M in Liquidity Exploit

Decrypt
7 hours ago

Decentralized exchange (DEX) BunniXYZ has reportedly lost $8.4 million to a liquidity-based security exploit.


According to on-chain security firm Hacken, $6 million of the DEX's funds was stolen via the Unichain blockchain and $2.4 million via Ethereum. All Unichain funds were then bridged to Ethereum using the Across Protocol.


Confirming the attack in a tweet, BunniXYZ said that it had paused all smart contract activity on its network and was “actively investigating” the circumstances of the attack. It added that it would provide updates soon.



Founded in February 2025, BunniXYZ is based on automated market maker Uniswap v4, and primarily uses the Ethereum and Unichain blockchains. It currently has a cross-chain Total Value Locked (TVL) of just over $50 million according to DeFiLlama, though it exceeded $80 million at one point earlier this August.


Michael Bentley, co-founder of lending protocol Euler, advised users to remove their funds from Bunni in a tweet, adding that while the DEX rebalances funds in and out of Euler, the lending protocol is "not affected or at risk." Euler endured a major exploit of its own in 2023 that saw hackers steal nearly $200 million, the bulk of which was later recovered.



What happened?


According to on-chain analyst Victor Tran, co-founder of Kyber Network, hackers manipulated Bunni’s “liquidity curve,” also known as its LDF (Liquidity Density Function). This is the system that calculates how much extra liquidity exists within the exchange and rebalances its liquidity pool to keep the right ratio of tokens.



Tran said hackers manipulated this LDF “by making trades of very specific sizes.” This caused the rebalancing calculation to break, producing incorrect results for how much each liquidity pool share should own.


By repeating this process, hackers allegedly withdrew more tokens than they should have been able to from Bunni.


Bunni itself has not yet confirmed the mechanism behind the attack.

