🐣 Pokémon $CARDS Are Farming

Justin Sun - early backer of WLFI, $75M investor, TRON founder, dinner guest of the Trump family, and soon-to-be IPO CEO - just had his wallet blacklisted by World Liberty Financial?? All while $WLFI.X ( ▲ 3.97% ) crashed 24% overnight.

Here’s what we got for you today:

• ⭐ 6 Things You Shouldn’t Miss

• 👀 Bunni DEX Hacked for $8.4M. Is Uniswap V4 Invol …

• 💥 The Dark Side of Prediction Markets. How Whales …

• 🤡 Meme Of The Day

⭐ 6 Things You Shouldn’t Miss

🎉 Linea just opened the airdrop checker. 10% of total $LINEAR.X ( ▲ 0.38% ) supply = 7.2B tokens up for grabs. 749,662 addresses passed the eligibility test. You can now check if yours is eligible in this site. This is one of the fairest and most transparent airdrops we’ve seen. No hidden supply games. Claim window: Sept 10 - Dec 9, 2025. Don't miss it.

📅 Mark the date: October 21. The Federal Reserve will host its Payments Innovation Conference and for the first time, stablecoins, tokenization, DeFi, and AI are on the main agenda. The event will be livestreamed publicly on the Fed's official YouTube. This could be a turning point for the future of crypto regulation in America.

📜 Polymarket gets the greenlight from the CFTC, officially returns to the U.S. market after 3 years. MrBeast, Trump Jr., Elon Musk are all backing it. It proves prediction markets can be legalized in the U.S. In July only, Polymarket saw 11,500+ new markets launched. Polymarket vs Kalshi = the prediction market battle to watch.

🎴 Pokémon cards just went on-chain and crypto collectors are going wild. Collector Crypt’s new token $CARDS.X ( ▲ 10.13% )  exploded from $23M to $85M in 24 hours. With gacha-style pack openings, instant resell options, and a booming trading scene, it’s turning TCG nostalgia into a full-on Web3 dopamine rush.

🚫 World Liberty Financial (WLFI) just blacklisted Justin Sun’s wallet after detecting him sending $9M in $WLFI.X ( ▲ 3.97% ) to wallets tied to HTX and Binance. This came just as WLFI token dropped 24% in a single day. He's even a key investor of WLFI launched on Sept 1. This may not violate any lockup, yet World Liberty still acted.

🏗️ Stripe and Paradigm (top crypto VC) just launched "100,000+ TPS" Tempo, a high-speed Layer 1 built specifically for stablecoin payments. It's currently in private testnet, but still attracting giants like OpenAI & Anthropic, Deutsche Bank, Visa, Shopify... Seems like everyone’s racing to own the blockchain payments layer.

👀 Bunni DEX Hacked for $8.4M. Is Uniswap V4 Involved?

In a major blow to the DeFi space, Bunni DEX has just suffered a multi-chain exploit that drained over $8.4 million from its liquidity pools. The team has paused all smart contracts while emergency investigations are underway.

Bunni is a key player building on Uniswap V4 infrastructure. So does this attack reveal deeper risks tied to Uniswap V4 architecture? Or was it an isolated exploit?

1️⃣ What Actually Happened in the Bunni Hack?

Bunni is a platform that lets users farm or provide liquidity, it’s built directly on Uniswap V4, the leading DEX in crypto.

Uniswap V4 introduced a powerful new feature: "hooks", allowing projects to customize smart contracts and build more flexible liquidity strategies.

→ Bunni used this to build something called the Liquidity Distribution Function (LDF).

In simple terms, when you provide liquidity within a certain price range (like a trading band), you stop earning fees if the market price goes outside that range

→ Bunni auto-adjusts your price range to keep your funds optimized and in range.

So what went wrong?

• On Sept 2, 2025, security firm Blocksec Phalcon reported that Bunni was hacked. The attack affected both Ethereum and Unichain:

  • $6M drained from the USDC/USDT pool on Ethereum ($ETH.X ( ▼ 1.5% ) )

  • $2.3M drained from the ETH/weETH pool on Unichain

    → Total losses estimated at $8.3–8.4 million

• 2 Ethereum wallets have been identified as the recipients of the stolen funds. The stolen funds, mostly USDC and USDT from Aave vaults, were tracked to wallet: 0xE04e…64f2b

In response, the Bunni team immediately paused all smart contract functions and urged the community to stay updated. Withdrawals are currently disabled. They've sent on-chain messages to the hacker and are tracking both suspicious wallets.

While the attacker’s identity is still unknown, on-chain analysts say it was a deliberate, sophisticated exploit, not an accidental bug.

Bunni is working with top security firms to investigate and contain the damage:

• Seal 911

• Hypernative

• Cyfrin Audits

• Impossible

• BlockSec

A full-on “war room” has been activated to trace the exploit and diagnose root causes. $BUNNI.X ( ▲ 25.04% ) token dropped -42.9% in 24h, trading around $0.0064.

2️⃣ How Did the Bunni Hacker Steal $8.4M?

It followed a 3-step plan like below, executed with surgical precision:

Step 1: Price Manipulation

• The hacker first swapped a large amount of tokens in Bunni’s liquidity pool.

• This caused major price imbalance (p1), setting up the system for failure.

Step 2: Arithmetic Exploit

• Then came the main trick:
  → The hacker repeatedly withdrew liquidity, exploiting a math bug in Bunni’s smart contract.

• The bug caused the protocol to overpay liquidity providers, allowing the attacker to withdraw more than they should (p2).

• A leftover Foundry log showed the internal variable aB0 hit just 25 wei — a tiny value that made the math error exploitable

Step 3: Profit Swap

• With the assets in hand, the attacker swapped tokens back (likely to ETH or stablecoins) and walked away with over $2.3M profit (p3).

• Then, they bridged the funds via Across Protocol — making it harder to trace.

The attack targeted Bunni’s Liquidity Distribution Function (LDF), the feature responsible for adjusting and rebalancing user liquidity ranges.

→ By submitting precisely crafted inputs, the attacker tricked the system into misallocating token payouts to LPs.

Likely Use of Flash Loans:

• The attacker probably used a flash loan from Aave, borrowing a large amount of USDC/USDT,

• Manipulated the Bunni pools via LDF → drained funds → repaid loan within the same transaction.

• ⚠️ Important: Aave was not affected, only used as a liquidity provider (similar to Euler hack in 2023).

All signs point to a deliberate, well-executed attack, not random, not accidental.

3️⃣ How Does the Bunni Hack Affect Uniswap?

First, we can see the immediate damage:

• After the exploit, $BUNNI.X ( ▲ 25.04% ) dropped sharply

• In terms of actual lost funds, ~$8.4M is relatively small compared to DeFi’s worst hacks. But that’s not the biggest concern…

From Uniswap v1 to v3, the core team had tight control over what was deployed, including audits, safeguards, and security practices. But with Uniswap v4, the game changes:

→ It introduces “hooks”, letting any project build custom logic directly into liquidity pools.
→ This means third-party code now runs within Uniswap’s infrastructure.

Uniswap v4 is like a powerful OS (operating system). Even if the OS is secure, if the app (like Bunni) has a bug, users can still lose money.

Uniswap Labs doesn’t directly control what others build using hooks. That opens the door to indirect reputation damage and user trust risks

What's at Stake?

• Uniswap's 2025 TVL stands at roughly $4.5 billion. v4 alone surpassed $1 billion in TVL

• That number is likely to grow fast as more developers adopt v4.

• But every new “hook” brings new smart contract risk.

Bad code from one project can hurt the entire ecosystem.

💥 The Dark Side of Prediction Markets. How Whales Rig the Game

On-chain prediction markets seem fair but in reality, the outcome isn’t decided by consensus or reality. Not by: “Everyone saw it happen”. Not by: Community vote. But by: Oracle

It’s a system that tells smart contracts what happened in the real world. Think of it like the referee in a football match. Even if your team plays perfectly, one bad call from the ref can make you lose.

If the oracle says you're wrong, you’re wrong even if the real world says otherwise. In today’s post, we’ll answer these questions:

• Why do regular users lose money unfairly?

• How do whales manipulate prediction markets?

• Is prediction market just another form of gambling?

1️⃣ Why Do Users Lose Unfairly on Prediction Markets?

On prediction markets, the final result isn’t decided by public consensus or obvious real-world facts. It’s decided by the “oracle” - the system that feeds the final outcome to the smart contract.

Like I said above, even if you bet correctly, if the oracle says otherwise, you lose. Let me point out a real example: Polymarket x UMA

• This has happened multiple times on Polymarket (the world's largest prediction market), which uses UMA as its oracle.

• One time, global media and eyewitnesses confirmed an event clearly happened
  → But UMA’s oracle ruled the opposite, causing hundreds of millions in losses.

For retail users, it’s a nightmare, you “won” but still lose your money. And there’s no one to appeal to. No judge, no court. Just the oracle.

There’s no perfect fix to this, but here are 4 tips that help:

• Choose clear-cut markets.
  → Example: “Did Team A beat Team B 2–1?”
  → Avoid vague ones like “Was TikTok banned?” or “Did Zelensky wear a proper suit?”

• Read the market rules. Carefully.
  → One sentence can decide everything especially how the result is defined and what source is used.

• Know the oracle’s source.
  → Some markets rely on Reuters, some on tweets, some on Chainlink, etc.
  → If the source is shady or inconsistent, skip the bet.

• Don’t wait for 100%.
  → If your position is valued at 90–95% (almost guaranteed to win), take profits early.
  → Better to win slightly less than to get rug-pulled at the finish line.

Your best defense: bet on clear events, read the fine print, and exit before the final whistle

2️⃣ How Do Whales Manipulate Prediction Markets?

Whales have 2 key advantages in this market:

• Deep pockets

• Faster execution via bots and trading tools

🤡 Meme Of The Day

We read your emails, comments, and poll replies daily

Hit reply and say Hello – we'd love to hear from you!

Like what you're reading?

And if you’ve got a friend deep in crypto (or just getting started), feel free to forward this to them. They can sign up here.

Cheers,

The Crypto Fire

This newsletter is for informational purposes only and should not be considered investment advice. Traders should conduct thorough research, understand the risks, and carefully evaluate their decisions before investing in cryptocurrency.