You are connecting from Lake Geneva Public Library, please login or register to take advantage of your institution's Ground News Plan.
Published 2 days ago • loading... • Updated 22 hours ago
Bonzo Lend Loses $9M After Oracle Flaw Inflates SAUCE Price
Bonzo said the attacker deposited 250 SAUCE worth only a few dollars before borrowing 6.63 million USDC and 34.5 million wrapped HBAR.
On Saturday, the Hedera-based lending protocol Bonzo Lend lost about $9 million after an attacker exploited a flaw in Supra's on-chain oracle verifier to manipulate SAUCE collateral prices.
Bonzo reported that the attacker deposited 250 SAUCE, worth only a few dollars, before submitting a price update that inflated the token's value by roughly 12 orders of magnitude.
Using the manipulated collateral, the attacker's wallet borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool, allowing the account to borrow far beyond the value deposited.
Supra acknowledged the flaw and deployed a fix, while Bonzo stressed that the incident was not a vulnerability in its own contracts or Hedera's core network.
This breach adds to a growing number of exploits targeting DeFi protocols in 2026, as CryptoRank recorded 121 hacks and roughly $942 million in losses over the period.