Bonzo Lend hit by $9M exploit after oracle glitch inflates SAUCE collateral
Hedera’s largest lending protocol, Bonzo Lend, has been forced to halt operations after an attacker exploited a flaw in a third‑party oracle, walking away with an estimated $9.05 million in crypto. The incident centered on a mispriced SAUCE token feed delivered by Supra, an external oracle provider integrated into Bonzo’s lending markets.
According to Bonzo Finance Labs, the attack began on July 11, 2026, when a single wallet pushed a falsified price update for SAUCE to a Supra oracle contract on Hedera. At the time, the attacker deposited 250 SAUCE as collateral – tokens worth only a few dollars at real market value. Once the manipulated price was accepted by the oracle, the system suddenly treated that small deposit as if it were worth millions.
Within eight seconds of the fake price propagating through the network, the attacker used the artificially inflated collateral value to borrow 6.63 million USDC and more than 34.5 million wrapped HBAR from Bonzo Lend. Bonzo later described the primary loss as “approximately $9.05 million,” reflecting the principal drained from the protocol’s lending pools.
The team reacted by pausing Bonzo Lend at 01:41 UTC, shortly after the anomaly was detected. Bonzo Points – the protocol’s points program – was suspended later the same morning. Other parts of the ecosystem, including Bonzo Vaults, the Bonzo Bridge, and single‑sided BONZO staking, remained active, as their contracts were not directly impacted by the oracle manipulation.
Bonzo’s post‑mortem attributed the root cause of the exploit to a critical oversight in Supra’s signature verification logic. Each oracle update is supposed to be accompanied by a cryptographic signature from Supra’s oracle committee, which Bonzo’s contracts trust as an authoritative source of off‑chain price data. In this case, the update did not contain a valid committee signature at all. Instead, it carried a zeroed signature – essentially an empty value.
The problem arose because Supra’s verifier contract did not properly reject this zeroed input before passing it to Hedera’s pairing system contract, which performs a mathematical pairing check as part of the signature validation process. Since both elements in the operation were effectively identity points, the check returned “true” by default, even though no genuine signature existed. Supra’s contract then incorrectly treated this result as proof that the price update had been signed by the oracle committee.
Bonzo emphasized that no one actually forged a valid oracle signature and that the genuine market price of SAUCE never spiked on exchanges. The failure was entirely within the verification logic of the Supra oracle contract on Hedera. Supra has since shipped a fix to the affected verifier, closing the specific avenue that allowed zeroed signatures to be treated as valid.
From Bonzo’s perspective, its own lending smart contracts behaved exactly as they were programmed to once the tainted data flowed in. The protocol is designed to read price feeds from oracles that have been whitelisted and marked as trusted data sources. When the SAUCE feed delivered the manipulated value, Bonzo’s contracts recalculated the borrowing power of the attacker’s position using that input, assuming it was legitimate. As a result, the lending pool allowed the attacker to borrow far more than the real value of their posted collateral.
The team’s report explicitly ruled out a bug in Bonzo’s own contracts, a classic flash‑loan attack, or ordinary market‑driven price manipulation. Instead, they framed the incident as an oracle integrity failure: once the price feed was compromised, the rest of the protocol’s logic dutifully followed incorrect instructions.
While the main attacker captured roughly $9.05 million, they were not the only address to act during the brief pricing anomaly. A second account managed to borrow around $1 million in assets while the inflated SAUCE price was still live. That wallet later reached out to the Bonzo team, claiming to be a white‑hat participant who stepped in to mitigate further damage. The wallet’s owner reportedly pledged to return the funds. Because negotiations and recovery efforts with this address are ongoing, Bonzo did not include that $1 million in its official loss estimate, and the public report has not yet confirmed whether any assets have been returned.
Before Bonzo publicly released its incident breakdown, on‑chain analysts had already traced large flows of funds leaving Hedera. Investigators observed more than $5.8 million in tokens moving from Hedera to Ethereum, routed via a cross‑chain bridge using LayerZero technology. The attacker then began converting a portion of those assets from wrapped Bitcoin into Ether, likely in an attempt to obfuscate the trail and diversify holdings. During the wave of transfers, HBAR’s price slipped more than 2%, reflecting market concern over the developing exploit.
Bonzo’s oracle configuration documents show that Supra feeds are used to provide prices for several tokens against wrapped HBAR, including SAUCE, HBARX, XSAUCE, DOVU, PACK, KARATE, STEAM, and HST. In this case, only the SAUCE pair was affected by the vulnerability in the verifier contract. According to Bonzo, regular publishing activity restored the correct SAUCE price to around 0.1964 HBAR at 01:36 UTC – roughly five minutes before the team paused the lending pool. By then, however, the attacker had already extracted most of the accessible liquidity using the window created by the inflated collateral value.
A subsequent, more detailed report from Bonzo Finance Labs refined the estimate of principal stolen by the main attacker to approximately $9.05 million. The protocol remains fully paused while Bonzo Finance Labs and the Bonzo Finance Foundation coordinate with partners on several fronts: attempting to trace and recover funds, auditing and repairing affected infrastructure, and designing a withdrawal and remediation plan for liquidity providers whose deposits are currently locked.
No firm timeline has been given for when Bonzo Lend will resume operations. The team indicated that lending will remain halted until they are confident that all oracle integrations are secure and that any necessary contract upgrades or additional safeguards have been implemented.
Beyond the immediate loss, the exploit raises broader questions about oracle risk in decentralized finance. Even when lending contracts are formally correct, they are only as secure as the off‑chain data they consume. A single weakness in an external verifier or aggregation layer can ripple through an entire protocol, effectively turning a well‑audited smart contract into an automated victim of faulty information.
This incident also highlights the complexity of cross‑chain post‑exploit behavior. By rapidly bridging assets from Hedera to Ethereum and converting portions into other tokens, attackers can leverage liquidity and tooling on more mature ecosystems to mix, trade, or disperse the proceeds. For investigators and recovery teams, that means tracing funds across multiple networks and infrastructures, each with its own tooling, latency, and opacity.
For users and liquidity providers on Bonzo, the immediate concerns are practical: how much of the stolen capital, if any, can realistically be recovered; what portion of the loss will ultimately be socialized; and how withdrawals will be prioritized once the protocol reopens. The answers will depend on negotiations with the self‑described white hat, potential cooperation from the main attacker (which historically is rare), and any legal or enforcement actions that may follow.
For protocol designers, the Bonzo episode underlines several lessons. Relying on a single oracle provider concentrates risk, especially when validator sets, verifiers, and cryptographic checks are managed externally. Defense‑in‑depth strategies – such as requiring multiple independent oracles, setting conservative collateral factors for illiquid or niche tokens, and implementing circuit breakers that flag or freeze markets when prices move outside predefined bounds – can help limit damage from bad data.
There is also a governance dimension. Communities and foundations must decide how quickly to list new collateral types, particularly tokens with thin liquidity or short trading histories. SAUCE was not one of the major Hedera assets, which meant that anomalies in its on‑chain price were less likely to be immediately flagged by market participants. Tighter listing standards and more stringent risk frameworks for smaller tokens may reduce upside in the short term but can significantly lower systemic risk.
For oracle providers, this event is a reminder that even low‑level edge cases – like how a contract handles a zeroed signature – can become multi‑million‑dollar vulnerabilities in production. Rigorous formal verification, adversarial testing, and clear fail‑safe behavior (for example, rejecting updates rather than passing them through when verification is ambiguous) are essential for any component that acts as a trust anchor for DeFi applications.
The Hedera ecosystem, which has been steadily gaining traction through enterprise partnerships and new DeFi projects, now faces a reputation test. How efficiently the affected parties manage incident response, communicate with users, and strengthen infrastructure will influence whether this exploit is remembered as a temporary setback or a structural red flag.
For now, Bonzo Lend remains offline, its pools frozen while the team works with security experts, partners, and stakeholders to chart a path forward. Users are left waiting for clarity on the scale of recoveries, the shape of compensation mechanisms, and the future risk architecture of one of Hedera’s flagship lending protocols.
