RSS News Feed

Oracle Exploit Drains $9M From Bonzo Lend on Hedera


Hedera-based lending protocol Bonzo Lend misplaced about $9 million after an attacker manipulated the worth of SAUCE used as collateral, permitting the account to borrow belongings far past the worth deposited.

In a preliminary incident report revealed Saturday, Bonzo stated the attacker deposited 250 SAUCE, price only some {dollars}, earlier than submitting a value replace that inflated the token’s worth by roughly 12 orders of magnitude. The pockets then borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool.

The case illustrates how oracle failures can flip low-value collateral right into a device for draining massive quantities of liquidity from lending protocols, even when the appliance and underlying community proceed working as designed. 

Bonzo attributed the incident to a flaw in Supra’s on-chain oracle verifier, which accepted a manipulated SAUCE value carrying a zeroed signature. The protocol stated Supra acknowledged the problem and deployed a repair, whereas stressing that the incident was not a vulnerability in Bonzo Lend’s contracts or Hedera’s core community.

Oracle Exploit Drains M From Bonzo Lend on Hedera

Estimated financial affect of the incident. Supply: Bonzo Finance

DeFi hacks proceed to stress the sector 

The incident provides to a rising variety of exploits focusing on decentralized finance (DeFi) protocols in 2026. 

The second quarter had turn out to be the most-hacked quarter on report by incident rely, with 83 exploits and about $755 million stolen. Cross-chain bridge exploits accounted for $351 million, whereas compromised administrator assaults and pretend token value manipulation represented 37% of quarterly losses. 

In 2026, DeFi’s complete worth locked (TVL) had fallen 39% to over $70 billion in June from about $115 billion in January. CryptoRank recorded 121 hacks and roughly $942 million in losses over the interval, saying repeated safety incidents seemingly weighed on person confidence and strengthened capital outflows.

Associated: ‘All DeFi unsafe’ declare sparks AI safety debate after April hack surge

The Bonzo incident additionally follows an identical collateral-pricing exploit on Stellar. In February, attackers drained roughly $10 million from a YieldBlox DAO-managed lending pool after manipulating the worth path used to worth USTRY collateral, permitting them to borrow belongings past the token’s actual price. 

Journal: Will the crypto foyer’s $189M marketing campaign get CLARITY over the road?

Cointelegraph is dedicated to impartial, clear journalism. This information article is produced in accordance with Cointelegraph’s Editorial Coverage and goals to offer correct and well timed info. Readers are inspired to confirm info independently.

Supply hyperlink



Source link