Bunni DEX has shut down! After reaching a peak TVL of $80 million, it suffered a fatal $8.4 million exploit.

The decentralized exchange Bunni DEX has closed following a loss of 8.4 million USD in September, becoming the second crypto project abandoned by its team this week. In a post, the team stated that they would cease operations due to a lack of funds. Recent vulnerabilities have forced the development of Bunni DEX to stagnate, and to safely restart, they need to pay six to seven figures in audit and monitoring costs.

8.4 million dollar vulnerability attack deals a fatal blow to Bunni DEX

Bunni DEX closed

(Source: Bunni DEX)

Bunni DEX was exploited on September 2 on Ethereum and the Layer 2 network Unichain, resulting in losses of up to 8.4 million USD. Related operations were subsequently suspended. In a blog post on September 4, Bunni DEX stated that malicious actors had exploited the protocol's codebase. The technical details of the attack revealed that hackers identified a logical flaw in the liquidity allocation function, allowing them to manipulate the price oracle and extract excess funds.

Bunni DEX is built on Uniswap v4 and optimizes liquidity provider returns through a custom mechanism called the liquidity allocation function. This innovative mechanism was originally the core competitive advantage of Bunni DEX, allowing liquidity providers to dynamically adjust fund distribution based on market conditions, thus achieving higher yields. However, it is this complex custom mechanism that has become the entry point for security vulnerabilities.

According to DefiLlama, before this attack occurred, Bunni DEX had been growing at an exponential rate, with its TVL soaring from $2.23 million on June 10 to nearly $80 million on August 19, an increase of more than 35 times in just two months. This explosive growth demonstrates the market's recognition of Bunni DEX's innovative mechanisms, with liquidity providers attracted by its higher yields, migrating funds from other DEXs to Bunni DEX.

From the peak of 80 million dollars in TVL to a loss of 8.4 million dollars due to a vulnerability, and finally to a complete shutdown, the fate of Bunni DEX underwent a dramatic reversal in just two months. This case once again demonstrates the harsh reality of the cryptocurrency space: while technological innovation is important, security is the prerequisite for survival. An inadequately audited smart contract, no matter how innovative its functions, can become a fatal ticking time bomb.

The team stated that they cannot afford to spend the large amount of money needed to cover development costs and other expenses necessary to get the protocol back on track. This statement is effectively a euphemistic acknowledgment of the funding dilemma. In a post on X on Thursday, the team said: “Recent vulnerabilities have forced the development of Bunni DEX to come to a halt, and to safely restart, we need to pay six to seven figures in audit and monitoring costs, which we simply do not have.”

Audit fees become the last straw that breaks Bunni DEX

Audit and monitoring costs in the range of 6 to 7 figures imply a need for 1 million to 10 million dollars. This figure is astronomical for a project that has just suffered an 8.4 million dollar loss. Why are security audits so expensive? Professional smart contract auditing firms like Trail of Bits, CertiK, and OpenZeppelin typically charge hundreds of thousands to millions of dollars for comprehensive audits of complex DeFi protocols, with timeframes extending to several months.

In addition to one-time audit fees, ongoing monitoring services also require substantial funding. Real-time monitoring systems need to operate 24/7, and once abnormal transactions are detected, alarms and automatic defense mechanisms are triggered immediately. Such enterprise-level security infrastructure is essential for handling tens of millions of dollars in assets on a DEX, but it is an unbearable burden for the already bleeding Bunni DEX.

A few days before the closure of Bunni DEX, the founding team of the Layer 1 blockchain Kadena announced that it would cease operations due to challenging market conditions. This chain reaction has sparked discussions in the industry about whether a “crypto winter” is returning. On Tuesday, the Kadena founding team announced that they would gradually shut down and stop all network operations, citing a severe market environment. According to CoinGecko, since the announcement, the network's native token KDA has plummeted by 70%, with the current trading price at $0.06.

Three Main Reasons for Bunni DEX Closure:

8.4 million USD vulnerability loss: directly undermined the project's financial foundation and market confidence.

Six- to seven-figure audit fees: The security costs required for the restart far exceed the team's capacity.

Lack of Subsequent Financing: Unable to secure support from new investors after the collapse of confidence.

This kind of predicament is not unique in the DeFi space. Many innovative protocols, during their rapid growth phase, overlooked security investments, focusing resources on product development and marketing. When security incidents occur, the repair costs often far exceed expectations, and by that time, market confidence has already collapsed, making it difficult to secure new funding. The failure of Bunni DEX has provided the entire industry with a painful lesson: security investment is not a cost, but a necessity for survival.

MIT Open Source Heritage and User Asset Extraction

Although operations have ceased, the team has re-licensed the Bunni DEX v2 smart contract from a commercial source license to an MIT license, which is an open-source software license that has received some praise from the community. This decision demonstrates that the team maintained a certain level of professional integrity upon shutting down, being willing to contribute the technology to the open-source community rather than permanently archiving the code.

The MIT License is one of the most permissive open source licenses, allowing any developer to utilize all the features and innovations developed by Bunni DEX, such as liquidity distribution functionality, surge fees, and autonomous rebalancing. Although these technological innovations did not achieve commercial success on Bunni DEX, their technical value still exists. Other DeFi protocols can improve upon the foundation of Bunni DEX, learn from security lessons, and launch more robust products.

The team also stated that users will be able to withdraw assets through the website until further notice. This is a responsible way to close, ensuring that users do not lose funds due to the protocol's closure. Additionally, the remaining funds will be distributed to BUNNI, LIT, and veBUNNI token holders after obtaining the necessary legal approvals; however, team members will not receive any funds. This arrangement demonstrates the team's willingness to take responsibility and return the remaining value to the community.

The team stated that they will continue to cooperate with law enforcement to recover the 8.4 million dollars stolen by malicious actors. Although this effort has a low success rate (the recovery rate for cryptocurrency theft cases has historically been very low), it at least demonstrates the team's attitude. For the affected users, this provides a glimmer of hope, even though recovering the funds may take years.

Industry Warning of Continuous Collapse of Crypto Projects

Bunni DEX has become the second crypto project to close this week, and this chain reaction of closures deserves the entire industry's vigilance. The founding team of the Layer 1 blockchain Kadena announced their exit on Tuesday, citing a harsh market environment. Although the founding team has stepped down, the network will continue to exist and be driven by the community. However, market reactions have been extremely negative, with the KDA token plummeting 70% since the announcement, currently trading at $0.06.

Does this series of chain bankruptcies herald the return of the “crypto winter”? From a macro perspective, the current market conditions are indeed challenging. Global liquidity tightening, regulatory uncertainty, and the sideways consolidation of major cryptocurrencies have made it difficult for emerging projects to secure funding. For projects that have already suffered significant losses, seeking financing in this environment is almost impossible.

The failures of Bunni DEX and Kadena provide a common lesson: a sustainable business model and sufficient capital reserves are the foundation for a project's survival. In a bull market, these issues may be masked, but when the market cools down, projects lacking self-sustainability will be the first to fall. For investors, assessing a project's long-term sustainability, rather than being misled by short-term TVL growth or technological innovations, is key to protecting assets.
