BunniXYZ Halts Contracts After $8.4 Million DeFi Exploit

BunniXYZ, a decentralized exchange built on top of Uniswap v4, has hit pause across all its smart contracts following a serious exploit that drained around $8.4 million in user funds. The project had been gaining early momentum, with nearly $50 million in Total Value Locked before the attack hit.

Exploit Took Advantage of Custom Liquidity Logic

The exploit targeted BunniXYZ’s Liquidity Distribution Function, a custom feature designed to optimize how liquidity is spread across trading ranges. Attackers figured out how to manipulate this system by submitting trades of precise sizes that triggered faulty rebalancing. This gave them access to more tokens than should have been available. Most of the funds were taken from deployments on Unichain, with the rest coming from Ethereum.

1. Bunni is a liquidity hook that runs on top of UniswapV4. Instead of using UniswapV4’s normal system, Bunni has its own liquidity curve called LDF (Liquidity Distribution Function).

2. After each trade, Bunni checks if its LDF curve has changed since the last trade. If it has,… https://t.co/uCSWXyuAt2

— Victor Tran (@vutran54) September 2, 2025

Response Was Immediate and Direct

The BunniXYZ team reacted fast. They froze contracts across supported networks and advised users to pull their funds for safety. The project is now in full investigation mode, working with auditors to pinpoint the bug and decide next steps. A timeline for returning to normal operations hasn’t been announced yet, but safety and transparency appear to be the focus for now.

DISCOVER: Best New Cryptocurrencies to Invest in 2025

A Promising Start Cut Short

BunniXYZ had built its protocol around Uniswap v4 but added its own flavor. The platform’s liquidity curves allowed for more customization and efficiency in trading positions. That extra flexibility introduced new risks. The exploit shows how even small logic changes in DeFi can open big vulnerabilities if not rigorously tested under real conditions.

DeFi Security Remains a Tough Puzzle

This incident highlights a familiar problem across the DeFi space. New features tend to come with new risks. Projects often race to deploy innovation, but without thorough checks, things can go sideways quickly. BunniXYZ’s situation adds another chapter to the long list of high-value exploits that have shaken confidence in smaller protocols.

Repairs Are Underway

The developers are reviewing what went wrong and are likely rewriting parts of the liquidity logic. A full post-mortem is expected once everything is verified. The community has been told to stay alert and wait for updates before interacting with contracts again. This kind of reset, while painful, gives projects a chance to rebuild smarter.

DISCOVER: 20+ Next Crypto to Explode in 2025

A Learning Moment for the DeFi Space

When new tech rolls out in DeFi, the spotlight turns to how well it’s built. BunniXYZ’s experience might encourage other teams to hold off on customizations until they’ve gone through multiple rounds of peer review and stress testing. Projects that add novel liquidity features need to remember that the risk grows with every layer added.

What Happens Next

BunniXYZ will likely return, but with stronger safeguards in place. This exploit may also spark more debate around protocol design and modular safety features in the next wave of DeFi tools. If anything, the space is learning in real time, one exploit at a time.

DISCOVER: 20+ Next Crypto to Explode in 2025 

Join The 99Bitcoins News Discord Here For The Latest Market Updates

The post BunniXYZ Halts Contracts After $8.4 Million DeFi Exploit appeared first on 99Bitcoins.