Guavy AI Editorial TeamSentiment: -4Clout: 45

Hedera's Bonzo Lend Loses $9M in Oracle-Driven Price Manipulation

A lending protocol on the Hedera network called Bonzo Lend suffered losses of about $9 million after an attacker manipulated the price of a low-value collateral token, SAUCE. The exploit occurred when the attacker submitted a crafted price update for SAUCE that inflated its reported value by roughly 12 orders of magnitude.

With the inflated valuation in place, the attacker then borrowed 6.63 million USDC and 34.5 million wrapped HBAR. Bonzo Lend estimates the incident's economic impact at about $9 million, which was triggered by manipulated collateral pricing.

The protocol attributes the root cause to Supra's on-chain oracle verifier accepting an update that carried a zeroed signature. This failure in oracle validation allowed the attacker to take out loans that were disproportionate to the collateral initially provided.

Bonzo Lend says the incident was not a flaw in Bonzo Lend's smart contracts or Hedera's base network, but rather an oracle validation issue upstream. The attack follows a similar collateral-pricing exploit on Stellar earlier this year, underscoring a recurring DeFi risk pattern.