Bunni, a decentralized exchange platform, has released a report detailing the security breach that occurred on September 2nd. The team confirmed the restoration of withdrawal functionality for liquidity providers, allowing them to access their assets. However, the other operations, including deposits and trading, remain suspended. 1
The incident was caused by a rounding error in the smart contract, creating a vulnerability exploited through a flash loan of $8.4 million. Bunni has implemented updates to rectify this issue. Stolen funds, totaling $8.4 million, were transferred via Tornado Cash, and the platform is offering a 10% bounty for their return to the attacker. Furthermore, Bunni is collaborating with law enforcement agencies and requesting centralized exchanges to freeze related accounts for investigation.
2
This incident underscores the importance of security in decentralized platforms like DEXs.