Crypto Hack News: Bunni Exchange Built on Uniswap v4 Suffer $2.4M Loss

Another hack news has once again rocked the world of decentralized finance (DeFi). On September 2, 2025, blockchain security firm PeckShieldAlert reported that a decentralized exchange (DEX) built on Uniswap v4, Bunni, was compromised to the value of approximately $2.4 million.

What Happened?

As PeckShieldAlert notes, the attackers were able to drain approximately $2,373,569 worth of assets in a wallet belonging to the Bunni exchange. As the snapshot of the wallet available through the security firm shows, the stolen money was mostly in the form of stablecoins like USDC and USDT.

This hack is also a continuation of a disturbing pattern of rising DeFi hacks , and analysts have noted an explosion in liquidity and lending protocol attacks. Not only had the exploit incurred severe financial losses, but it had also eroded trust in the platform that Bunni was developing to offer an easy way to handle liquidity on Uniswap v4.

Source: PeckShieldAlert X

Why This Hack Happened: Reasons and Loopholes?

According to cybersecurity experts, the exploit occurred because of both technical vulnerabilities and the ease of use in the current DeFi applications.

Smart contracts contain errors in their code or missed functions that hackers seek. These loopholes enable them to circumvent security checks and get access to funds once identified.

According to a 2025 study by Escape Tech, user-friendly interfaces may bring in more investors, but they also introduce 30% more interface-related hacks. Hackers take advantage of simplified layers of interaction in which users do not realize they are giving consent to malicious transactions.

PeckShield data indicate that almost three-quarters of DeFi exploits in 2024 would have been avoided had protocols been subject to regular and active code reviews.

These combined factors made the Exchange an attractive target for sophisticated attackers.

How This Hack Happened?

Although the technical specifics of the attack remain under research, early reports indicate that attackers exploited unauthorized smart contract manipulation to empty money. They could steal stablecoins out of user wallets and into theirs by taking advantage of weaknesses in the contract structure used by Bunni.

This approach is similar to past mega-breaches, including the $625 million Ronin Bridge hack in 2022, and demonstrates that this type of hacking is emerging as a trend in which hackers find system vulnerabilities to coordinate large-value thefts.

Actions Taken

Once the exploit was revealed, PeckShieldAlert was quick to alert the community and provide information about the stolen wallet. Bunni reportedly collaborates with blockchain security specialists in order to track stolen money and address the vulnerability.

Efforts may include:

• Freeze the suspicious addresses associated with the hack.

• Involving the police in tracking cross-chain funds.

• Introducing security audits to reveal and rectify holes in the protocol.

• The official compensation scheme has not been published by Bunni to the affected users, yet the discussions are being held in the community.

Conclusion

This incident highlights ongoing risks in Web3 protocols where users and investors face growing threats from hackers exploiting system vulnerabilities. In August 2025 itsef, 16 crypto hacks exploited around $163M which includes $BTC Hodler ($91.4M), btcturk ($54M), ODIN•FUN ($7M), BetterBank.io ($5M), and CrediX Finance ($4.5M) . The Bunni exploit is another reminder of the high-risk environment in decentralized finance.