Bonzo Lend Loses $9 Million in Oracle Exploit on Hedera

Featured in:
abcd

Hedera-based lending protocol Bonzo Lend lost approximately $9 million after an attacker manipulated the price of SAUCE used as collateral, allowing assets to be loaned out far in excess of the value of deposited funds.

In a preliminary incident report released Saturday, Bonzo said he said the attacker deposited 250 SAUCE, worth just a few dollars, and then provided a price update that inflated the token’s value by approximately 12 orders of magnitude. The portfolio then borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the loan pool.

sadasda

This case illustrates how oracle failures can turn a low-value security into a tool to siphon vast amounts of liquidity from lending protocols, even if the application and underlying network continue to function as intended.

Bonzo attributed the incident to a vulnerability in Supra’s Oracle onchain validator, which accepted the manipulated SAUCE price with a zero signature. The minutes stated that Supra had acknowledged the issue and implemented a fix, while emphasizing that the incident did not result from a loophole in Bonzo Lend’s contracts or Hedera’s backbone network.

Estimated economic impact of the incident. Source: Bonzo Finance

DeFi hacks continue to put pressure on the sector

The incident will contribute to an escalate in exploits targeting decentralized finance (DeFi) protocols in 2026.

The second quarter became the most hacked quarter in terms of incidents, with 83 exploits reported and approximately $755 million stolen. Cross-chain bridge exploits generated $351 million, while admin hacker attacks and bogus token price manipulation accounted for 37% of quarterly losses.

In 2026, DeFi’s total value locked (TVL) fell 39% to over $70 billion in June from around $115 billion in January. CryptoRank recorded 121 hacks and losses of about $942 million during the period, saying repeated security incidents likely impacted user confidence and increased capital outflows.

Related: The “All DeFi Dangerous” claim sparks debate over AI security after a wave of hacking attacks in April

The Bonzo incident also follows a similar security pricing exploit on the Stellar platform. In February, attackers siphoned approximately $10 million from a lending pool managed by the YieldBlox DAO after manipulating the price path used to value USTRA’s collateral, allowing them to borrow assets in excess of the token’s actual value.

Warehouse: Will the crypto lobby’s $189 million campaign bring TRANSPARENCY across the line?

Cointelegraph is committed to independent and lucid journalism. This news article has been produced in accordance with Cointelegraph’s Editorial Policy and is intended to provide exact and up-to-date information. Readers are encouraged to verify the information themselves.
abcd
sadasda

Find us on

Latest articles

Related articles

See more articles

Dogecoin traders eye $0.13 as DOGE regains key technical...

Dogecoin Traders Watch $0.13 as DOGE Recovers Key Technical Level is the kind of cryptocurrency story that...

Bitcoin Heads into Overdue Bear Market: Jamie Coutts, Real...

According to Real Vision's chief cryptocurrency analyst, Jamie Coutts, Bitcoin may enter the final phase of the...

Tether’s integration with TON pushes USDT deeper into Telegram’s...

Tether's integration with TON pushes USDT deeper into Telegram's cryptocurrency. It's the kind of crypto story that...

Ethereum Rises 3% on Tokenization Boom: Can Bulls Push...

The price of ether (ETH) rose 3% between Thursday and Friday, outperforming the broader cryptocurrency market. The...

Chainlink CCIP enters Arbitrum’s orbit as Layer 3 developers...

Chainlink CCIP Emerges into Arbitrum's Orbit as Layer 3 Developers Push for More Secure Messaging is the...

Dollar stablecoins could improve currency access but strengthen currency...

Dollar stablecoins can improve access to foreign currencies in economies with fixed or tightly managed exchange rates,...