Security

Bonzo Lend Says Oracle Verifier Exploit Led to About $9M in Losses on Hedera

Bonzo Finance Labs said Bonzo Lend suffered an exploit tied to a third-party oracle verifier on Hedera, with the protocol putting the headline loss at about $9.05 million. The company said the larger figure rises to roughly $10.06 million if a white-hat borrow is included.

According to the incident report, the issue was linked to a verification flaw in a third-party Supra oracle contract used by the lending protocol. Bonzo said the exploit allowed an attacker to borrow far more than the value of the posted collateral by manipulating a price update tied to SAUCE.

Tavily-captured reporting on the incident said the attacker deposited a small amount of SAUCE, then used the manipulated oracle data to borrow 6.63 million USDC and 34.52 million wrapped HBAR. Based on the reference HBAR price cited in that coverage, the withdrawals were worth approximately $9.05 million.

The available sources describe the event as an oracle-verification exploit rather than a failure in Bonzo’s core lending logic, but the exact scope of the incident remains tied to the details in the project’s report. Additional confirmation and any broader impact on the Hedera ecosystem remain pending in the available material.