markets

Bonzo Lend Drained of $9M via Oracle Exploit on Hedera

Summarized from Cointelegraph

An attacker manipulated SAUCE collateral prices through Supra's oracle flaw, pulling $9M from Bonzo Lend on Hedera.

A hacker just walked off with $9 million from Bonzo Lend, a lending protocol running on the Hedera network. The attack wasn't some brute-force hack — it was surgical. The attacker exploited a flaw inside Supra's on-chain oracle verifier to artificially inflate the price of SAUCE token collateral, then borrowed against that inflated value. Classic oracle manipulation playbook, and it worked.

Oracle exploits are nothing new in DeFi, but they keep happening because protocols keep trusting external price feeds without enough circuit breakers. If your lending platform can't detect that collateral just 10x'd in seconds, you're a sitting target. Bonzo Lend learned that lesson the hard way to the tune of nine figures in losses.

Read more Two Mag Seven Stocks Wall Street Says Have the Most Upside →

Hedera is often marketed as a faster, more enterprise-grade alternative to Ethereum-based chains, but this attack proves no ecosystem is immune when smart contract infrastructure has a soft underbelly. The weak link here was Supra's oracle verifier — a third-party dependency that became the entire attack surface.

If you're holding funds in any lending protocol right now, ask yourself one question: who feeds that platform its price data, and what happens if that feed gets gamed? This exploit is a live stress test that most protocols quietly fail. Audit the oracle layer, not just the smart contract. Until teams take that seriously, events like this will keep repeating.

Continue reading at Cointelegraph.

Frequently Asked Questions

Q.How did the Bonzo Lend exploit on Hedera work?

The attacker used a flaw in Supra's on-chain oracle verifier to artificially inflate the price of SAUCE token collateral, then borrowed $9 million against that manipulated value from Bonzo Lend.

Q.How much money was stolen from Bonzo Lend?

The attacker drained approximately $9 million from the Bonzo Lend protocol through the oracle manipulation exploit.

Q.What is Supra's role in the Bonzo Lend hack?

Supra provides the on-chain oracle verifier that Bonzo Lend relied on for price data. A flaw in that verifier was the entry point the attacker exploited to manipulate SAUCE collateral values.

More in markets →