Bonzo Lend Suffers $9M Loss from Oracle Exploit on Hedera
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 11, 2026, Bonzo Lend, a Hedera-based lending protocol, experienced a significant security incident resulting in a loss of approximately $9 million. An attacker manipulated the price of the SAUCE token through a vulnerability in the on-chain oracle verifier provided by Supra, allowing them to borrow assets far exceeding the actual value of their collateral. The attacker deposited 250 SAUCE tokens, which were valued incorrectly due to the manipulated price update, inflated by roughly 12 orders of magnitude. This led to borrowing 6.63 million USDC and 34.5 million wrapped HBAR. Bonzo Finance confirmed that the exploit was not due to flaws in its smart contracts or the Hedera network, but rather a failure in the oracle's verification process. The incident has prompted Bonzo to pause its lending services while they work on remediation. Supra has acknowledged the issue and deployed a fix for the verifier. The incident highlights the critical importance of oracle security in decentralized finance (DeFi) protocols.
Key Points: • Bonzo Lend lost approximately $9 million due to an oracle exploit on July 11, 2026. • The attacker manipulated the SAUCE token price, allowing excessive borrowing against low-value collateral. • The exploit was attributed to a flaw in Supra's oracle verifier, not Bonzo Lend's smart contracts.