markets

Bonzo Lend Suffers $9M Oracle Exploit on Hedera Network

Summarized from Cointelegraph

An attacker manipulated SAUCE token collateral via a Supra oracle flaw, draining $9M from Bonzo Lend on Hedera.

A hacker drained approximately $9 million from Bonzo Lend, a decentralized lending protocol operating on the Hedera blockchain, by exploiting a critical vulnerability in Supra's on-chain oracle verifier, according to a report by Cointelegraph. The attacker artificially inflated the perceived value of SAUCE tokens used as collateral, then borrowed against that inflated valuation to extract funds from the protocol.

The exploit centers on a flaw in the price-reporting mechanism provided by Supra, a third-party oracle service that Bonzo Lend relied upon to fetch and verify real-time asset prices. By manipulating how that verifier assessed SAUCE collateral, the attacker bypassed the lending protocol's risk controls and made off with $9 million in borrowed assets before the scheme was detected.

Read more Five Smartphone Chip Stocks to Watch in the Next Upgrade Cycle →

Oracle manipulation attacks have become one of the most persistent threats in decentralized finance, as protocols that depend on external price feeds inherit the security assumptions — and vulnerabilities — of those data providers. When an oracle can be tricked into reporting a false price, any lending platform that trusts it uncritically becomes exposed to exactly this kind of collateral-inflation drain.

The incident puts fresh pressure on DeFi projects to stress-test their oracle integrations and consider layered price verification, including time-weighted average prices and multi-source aggregation, to reduce single points of failure. It also raises questions about Supra's verification architecture and what remediation steps will follow for affected users on the Hedera network.

Continue reading at Cointelegraph.

Frequently Asked Questions

Q.How did the Bonzo Lend attacker steal $9 million?

The attacker exploited a flaw in Supra's on-chain oracle verifier to artificially inflate the value of SAUCE tokens used as collateral on Bonzo Lend, then borrowed $9 million against that inflated collateral value.

Q.What is Supra's role in the Bonzo Lend hack?

Supra is a third-party oracle provider whose on-chain verifier contained the vulnerability that the attacker exploited. Bonzo Lend relied on Supra's price feeds to determine asset values for its lending operations.

Q.What blockchain does Bonzo Lend operate on?

Bonzo Lend is a decentralized lending protocol that operates on the Hedera blockchain network.

More in markets →