Bonzo Lend Suffers $9M Oracle Exploit on Hedera Network
An attacker manipulated SAUCE token collateral via a Supra oracle flaw, draining $9M from Bonzo Lend on Hedera.
A hacker drained approximately $9 million from Bonzo Lend, a decentralized lending protocol operating on the Hedera blockchain, by exploiting a critical vulnerability in Supra's on-chain oracle verifier, according to a report by Cointelegraph. The attacker artificially inflated the perceived value of SAUCE tokens used as collateral, then borrowed against that inflated valuation to extract funds from the protocol.
The exploit centers on a flaw in the price-reporting mechanism provided by Supra, a third-party oracle service that Bonzo Lend relied upon to fetch and verify real-time asset prices. By manipulating how that verifier assessed SAUCE collateral, the attacker bypassed the lending protocol's risk controls and made off with $9 million in borrowed assets before the scheme was detected.
Read more Five Smartphone Chip Stocks to Watch in the Next Upgrade Cycle →
Oracle manipulation attacks have become one of the most persistent threats in decentralized finance, as protocols that depend on external price feeds inherit the security assumptions — and vulnerabilities — of those data providers. When an oracle can be tricked into reporting a false price, any lending platform that trusts it uncritically becomes exposed to exactly this kind of collateral-inflation drain.
The incident puts fresh pressure on DeFi projects to stress-test their oracle integrations and consider layered price verification, including time-weighted average prices and multi-source aggregation, to reduce single points of failure. It also raises questions about Supra's verification architecture and what remediation steps will follow for affected users on the Hedera network.
Continue reading at Cointelegraph.