Back to top
  • 공유 Share
  • 인쇄 Print
  • 글자크기 Font size
URL copied.

Bonzo Lend Exploit Drains $9M After Oracle Vulnerability on Hedera

Bonzo Lend Exploit Drains $9M After Oracle Vulnerability on Hedera. Source: Photo by panumas nikhomkhai

Bonzo Lend, a decentralized lending protocol built on the Hedera network, has suffered an estimated $9.05 million exploit after an attacker manipulated a third-party Supra oracle through a verification flaw, enabling the withdrawal of assets far exceeding the value of the collateral provided.

According to Bonzo’s preliminary incident report, the attacker deposited 250 SAUCE tokens, which held minimal value, before submitting a falsified price update that dramatically inflated the token’s value in HBAR. The manipulated oracle data allowed the attacker to appear heavily overcollateralized and borrow millions of dollars in assets.

The compromised account reportedly withdrew 6.63 million USDC and 34.52 million wrapped HBAR (WHBAR). Based on the report’s reference HBAR price of $0.06998, the stolen assets were valued at approximately $9.05 million.

Bonzo also disclosed that a second wallet borrowed roughly $1 million worth of assets while the manipulated price remained active. However, the protocol said the wallet later contacted the team through Discord, identified itself as a white-hat security researcher, and stated its intention to return the funds.

As a result, Bonzo excluded those assets from its official loss estimate, placing the total principal borrowed during the exploit at approximately $10.06 million before any potential recovery.

The incident has had a significant impact on the Hedera decentralized finance ecosystem. According to DefiLlama, Hedera’s total value locked (TVL) has fallen to around $25.7 million, representing a decline of nearly 40% over the past 24 hours following the exploit.

The attack underscores the growing security risks surrounding decentralized finance protocols that rely on external oracle providers. Oracle vulnerabilities remain one of the most common attack vectors in DeFi, as manipulated price feeds can allow attackers to bypass collateral requirements and drain lending platforms.

Bonzo said its investigation is ongoing and is continuing to assess the full impact of the exploit while working to recover funds and strengthen protocol security. The incident serves as another reminder of the importance of robust oracle verification and comprehensive smart contract safeguards across the DeFi ecosystem.

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>

Most Popular

Comment 0

Comment tips

Great article. Requesting a follow-up. Excellent analysis.

0/1000

Comment tips

Great article. Requesting a follow-up. Excellent analysis.
1