Guavy AI Editorial TeamSentiment: -3Clout: 82

DeFi Oracle Verifier Flaw Exposed in $9M Bonzo Lend Exploit

A recent exploit on Bonzo Lend's Hedera platform drained nearly $9 million through a manipulated oracle update. The attack occurred at 00:51 UTC on July 11, 2026, and was attributed to a flaw in Supra's on-chain oracle verifier.

The attacker submitted a price update that inflated the value of SAUCE by roughly 12 orders of magnitude, from $250 to millions of dollars. The verifier accepted the update despite an invalid signature, allowing the attacker to borrow large sums of USDC and wrapped HBAR.

Supra acknowledged the issue and deployed a fix to the affected verifier on Hedera mainnet. Bonzo paused the protocol to stem further damage and is working on hotfixes and app-level changes to prevent similar attacks in the future.