Bunni DEX exploited for $2.3 million through a liquidity rebalancing flaw


According to on-chain data from multiple Web3 security companies, the decentralized exchange Bunni fell victim to an exploit, losing about $2.4 million after an attacker manipulated the platform’s liquidity calculations.

“The Bunni app is affected by security exploits,” the team confirmed on X on Tuesday. “As a precaution, we have paused all smart contract functionality on all networks. Our team is actively investigating and will provide updates immediately,” the team added.

The attack targeted Bunni’s Ethereum-based smart contract. The funds were sent to addresses holding $1.33 million in USDC and $1.04 million in USDT.

Bunni core contributor @psaul26ix asked users to withdraw funds from the platform as soon as possible. “If Bunni has money, remove it as soon as possible,” they wrote on X.

Experts ask Bunni users to remove their funds. Source: Michael Bentley

Cointelegraph contacted Bunni and Euler for comment but had not received a response by publication.

How Bunni fell victim to the hack

Although a full technical post-mortem is still pending, early analysis from developers and researchers points to flaws in how Bunni handles liquidity rebalancing.

Built on top of Uniswap v4, Bunni uses a custom mechanism called the Liquidity Distribution Function (LDF) rather than Uniswap’s default logic. This mechanism allows Bunni to optimize how liquidity is allocated across price ranges, aiming to increase liquidity provider returns.

According to Victor Tran, co-founder of Kyber Network, the attacker was able to manipulate the LDF curve by performing trades of a specific size that triggered the flawed rebalancing logic.

“Exploiter thought that by doing very specific sizes, we could manipulate this LDF,” Tran wrote on X.

The attacker appears to have run the exploit multiple times, gradually draining the protocol’s funds without immediately raising alarms.

Attackers exploit Bunni’s liquidity function. Source: Victor Tran

Crypto hacks hit $163 million in August

In August, crypto hackers and scammers stole more than $163 million in 16 separate incidents, a 15% increase from $142 million in July. This figure is still 47% lower than last year, but it reflects a troubling increase in targeted attacks as the crypto market gains momentum.

PeckShield and other cybersecurity experts have pointed to a strategic change in hacker behavior, with attackers currently focusing on centralized exchanges and high-value individuals rather than small, distributed targets.

The biggest loss in August came from a social engineering attack, in which a Bitcoiner was tricked into sending 783 BTC (valued at $91 million) to an attacker pretending to be a support agent for a crypto exchange and hardware wallet provider.
