Post: Oracle Exploit Drains $9M From Bonzo Lend on Hedera

Oracle Exploit Drains M From Bonzo Lend on Hedera

Bonzo Lend, a Hedera-based lending protocol, lost nearly $9 million when an attacker manipulated the value of SAUCE used as collateral, allowing the account to borrow more assets than it was worth.

In a preliminary incident report published Saturday, Bonzo said The attacker deposited 250 sous before submitting the price update, which was only worth a few dollars. The wallet then borrowed 6.63 million USDC and 34.5 million wrapped HBARs from the lending pool.

The case illustrates how Oracle’s failures can turn low-cost collateral from a lending protocol into a tool for extracting large amounts of liquidity, even as the application and underlying network continue to function as designed.

Bonzo attributed the incident to a flaw in Supra’s on-chain oracle verifier, which accepted a manipulated SAUCE value with a zero signature. Supra acknowledged the problem and deployed a solution, Protocol said, while stressing that the incident did not pose a threat to Bonzoland’s contracts or Hedera’s core network.

pasted image 554

Estimate the economic impact of the event. Source: Bonzo Finance

Defy Hex continues to put pressure on the sector.

This event adds to the growing number of exploits targeting decentralized finance (DeFi) protocols in 2026.

The second quarter was the most hacked quarter on record by incident count, with 83 exploits and approximately $755 million stolen. Cross-chain bridge exploits accounted for $351 million, while compromised administrator attacks and fraudulent token price manipulation accounted for 37% of quarterly losses.

In 2026, DeFi’s total value locked (TVL) decreased by 39% to more than $70 billion in June from around $115 billion in January. CryptoRank recorded 121 hacks and losses of around $942 million during the period, saying that frequent security incidents affected user confidence and fueled capital outflows.

Related: ‘All-DeFi insecure’ claim fuels AI security debate after April hack surge

The Bonzo incident also follows similar collateral price manipulation at Stellar. In February, attackers withdrew nearly $10 million from a loan pool managed by the YieldBlox DAO after manipulating the price path used to value USTRY collateral, allowing them to borrow more assets than the token was actually worth.

Magazine: Will Crypto Lobby’s $189M Campaign Clear the Line?

Cointelegraph is committed to free, transparent journalism. This news article has been prepared in accordance with Cointelegraph’s editorial policy and aims to provide accurate and timely information. Readers are encouraged to independently verify information.