Bonzo Lend Suffers $9M Loss from Oracle Exploit on Hedera

Bonzo Lend Suffers $9M Loss from Oracle Exploit on Hedera

First seen 11 Jul 2026, 16:27 UTC CryptobriefingKucoinOdaily.NewsPluangbonzo.finance 83% similarity 71.0

Article Content

Browse articles
ThreatCluster

On July 11, 2026, Bonzo Lend, a Hedera-based lending protocol, experienced a significant security incident resulting in a loss of approximately $9 million. An attacker manipulated the price of the SAUCE token through a vulnerability in the on-chain oracle verifier provided by Supra, allowing them to borrow assets far exceeding the actual value of their collateral. The attacker deposited 250 SAUCE tokens, which were valued incorrectly due to the manipulated price update, inflated by roughly 12 orders of magnitude. This led to borrowing 6.63 million USDC and 34.5 million wrapped HBAR. Bonzo Finance confirmed that the exploit was not due to flaws in its smart contracts or the Hedera network, but rather a failure in the oracle's verification process. The incident has prompted Bonzo to pause its lending services while they work on remediation. Supra has acknowledged the issue and deployed a fix for the verifier. The incident highlights the critical importance of oracle security in decentralized finance (DeFi) protocols.

Key Points: • Bonzo Lend lost approximately $9 million due to an oracle exploit on July 11, 2026. • The attacker manipulated the SAUCE token price, allowing excessive borrowing against low-value collateral. • The exploit was attributed to a flaw in Supra's oracle verifier, not Bonzo Lend's smart contracts.

ThreatCluster AI

Timeline

2026-07-11
Oracle exploit on Bonzo Lend
An attacker manipulated SAUCE token pricing, allowing them to borrow $9 million against low-value collateral.
Kucoin
2026-07-11
Bonzo Lend pauses services
In response to the exploit, Bonzo Lend paused its lending services while investigating the incident.
bonzo.finance
2026-07-11
Supra acknowledges oracle flaw
Supra confirmed a vulnerability in its oracle verifier that allowed the manipulated price to be accepted.
Cryptobriefing

Community

Browse all →