A decentralized exchange that had rapidly grown to manage nearly $80 million in locked assets announced its permanent shutdown this week, becoming the second major crypto project to cease operations within 48 hours as financial pressures and security vulnerabilities continue plaguing the digital asset sector.
Bunni, a decentralized exchange built on Uniswap V4 technology, confirmed Wednesday that it cannot afford the six- to seven-figure costs required to securely relaunch the platform following a devastating September 2 exploit that drained $8.4 million from liquidity pools across Ethereum and Uniswap's layer-2 network Unichain.
Liquidity Distribution Vulnerability Exploited
The attack targeted a critical flaw in Bunni's proprietary Liquidity Distribution Function, a mechanism designed to optimize returns for liquidity providers by dynamically allocating capital across different price ranges. Security firms CertiK and Halborn traced the exploit to sophisticated rounding errors that allowed attackers to manipulate internal calculations through flash loan attacks.
Halborn's post-mortem analysis revealed that the vulnerability stemmed from an unexpected consequence in the protocol's withdraw function. Developers had incorrectly assumed that rounding a key value downward would increase idle balances, but the opposite occurred - enabling attackers to withdraw disproportionate amounts of tokens while burning minimal liquidity.
The hackers executed carefully calibrated trades using specific amounts that confused Bunni's rebalancing calculations, gradually draining approximately $2.4 million from Ethereum and $6 million from Unichain before consolidating the stolen assets - primarily USDC and USDT stablecoins - into Ethereum wallets.
Meteoric Rise Cut Short
The closure represents a dramatic reversal for a platform that had experienced explosive growth in the months before the attack. According to DeFiLlama data, Bunni's total value locked surged from just $2.23 million in mid-June 2025 to nearly $80 million by August 19 - a 35-fold increase that highlighted strong market appetite for its innovative automated market maker technology.
The platform had undergone security audits by respected firms including Trail of Bits and Cyfrin.
However, it remains unclear whether the exploited vulnerability was identified in those reviews or introduced through subsequent code changes - a common risk in rapidly evolving DeFi protocols where teams frequently update smart contracts to add features or optimize performance.
Prohibitive Recovery Costs
In their shutdown announcement, the Bunni team explained that securely relaunching operations would require substantial investment in comprehensive security audits, continuous monitoring infrastructure, and months of business development work to rebuild user confidence and restore liquidity.
"The recent exploit has forced Bunni's growth to a halt, and in order to securely relaunch, we'd need to pay 6-7 figures in audit & monitoring expenses alone - requiring capital that we simply don't have," the team stated in their X post. "It is with saddened hearts that we announce the shutdown of Bunni."
According to Bunni's post-mortem report, the stolen assets have already been laundered through Tornado Cash, significantly complicating recovery efforts. The team offered attackers a 10% bounty to return the remaining funds while continuing to cooperate with law enforcement agencies.
User Fund Withdrawals and Treasury Distribution
Despite the closure, Bunni confirmed that users can still withdraw their remaining assets through the official website until further notice. The project plans to distribute remaining treasury funds to holders of BUNNI, LIT, and veBUNNI tokens based on a snapshot that will exclude team members - ensuring that community members rather than insiders receive any residual value.
In a final gesture to the broader DeFi ecosystem, Bunni relicensed its V2 smart contracts from the restrictive Business Source License to the permissive MIT open-source license.
This decision makes the platform's innovations - including Liquidity Distribution Functions, surge fees, and autonomous rebalancing mechanisms - freely available for other developers to integrate and build upon.
Second DeFi Shutdown in 48 Hours
Bunni's closure came just one day after another significant project exit shook the cryptocurrency sector. The Kadena Foundation announced Tuesday that it would immediately cease all business operations and stop maintaining the Kadena blockchain network, citing adverse market conditions that made continued development unsustainable.
Founded by former JPMorgan blockchain engineers Stuart Popejoy and Will Martino, Kadena launched in 2019 as a proof-of-work alternative to Ethereum, promising enterprise-grade scalability through a unique "braided" multichain architecture. At its November 2021 peak, KDA traded above $27 and the project reached a valuation exceeding $4 billion.
However, the native KDA token plummeted more than 60% - from approximately $0.23 to below $0.10 - within 90 minutes of the shutdown announcement, erasing nearly $268 million in market capitalization. The token has now crashed over 99% from its all-time high, trading near $0.085 at press time.
While the Kadena blockchain will continue operating through independent miners and community developers - with 566 million KDA remaining allocated for mining rewards until 2139 - the loss of the core development team effectively leaves the network's future uncertain.
Broader Security Crisis
The back-to-back shutdowns underscore mounting pressures facing smaller blockchain projects amid challenging market conditions and relentless security threats. The Bunni attack fits into a troubling pattern of DeFi exploits, with August 2025 alone witnessing over $163 million stolen across 16 separate incidents—a 15% increase from the previous month.
The cryptocurrency industry has lost more than $300 million to hacks and scams over the past two months, with the DeFi sector bearing disproportionate losses. Security experts note that attackers are becoming increasingly sophisticated, often targeting newer protocols with complex custom mechanisms that create attack surfaces absent from battle-tested standard implementations.
For the broader DeFi ecosystem, these closures serve as sobering reminders that technical innovation alone cannot guarantee survival. Projects must balance ambitious feature development with rigorous security practices, maintain adequate financial reserves for unexpected crises, and navigate an increasingly competitive landscape where user trust - once lost - proves extraordinarily difficult to rebuild.