Bonzo Finance lost about $9.05 million after a faulty oracle verifier accepted a manipulated SAUCE price. The attacker used 250 SAUCE tokens as collateral to borrow millions in USDC and wrapp
- Bonzo Finance lost about $9.05 million after a faulty oracle verifier accepted a manipulated SAUCE price.
- The attacker used 250 SAUCE tokens as collateral to borrow millions in USDC and wrapped HBAR within seconds.
- Bonzo said its lending contracts worked as designed, but Supra’s verifier failed to reject invalid inputs.
- A second wallet borrowed about $1 million, claimed white-hat status and pledged to return the assets.
Bonzo Finance, Hedera’s largest active lending protocol lost approximately $9.05 million after an attacker exploited a verification flaw in a third-party price oracle on July 11. The incident allowed the actor to use collateral worth only a few dollars to borrow millions in USDC and wrapped HBAR. Per reports, Bonzo Lend and Bonzo Points were paused, while Bonzo Vaults, its bridge, and BONZO/XBONZO staking remained operational.
Zero-Signature Oracle Flaw Triggers $9M Bonzo Exploit
According to Bonzo’s preliminary incident report, the attacker first deposited 250 SAUCE tokens at 00:39 UTC. At 00:51 UTC, the wallet submitted a manipulated SAUCE-to-HBAR price to Supra’s on-demand oracle contract.
The update inflated SAUCE’s value by roughly 12 orders of magnitude. Eight seconds later, the wallet borrowed 6.63 million USDC, followed by approximately 34.52 million WHBAR. The failure occurred in the oracle’s signature-verification process.
Bonzo said the submitted update carried a zeroed BLS signature, represented as [0,0], and referenced a committee public key that was also effectively zero. Hedera’s pairing precompile returned true for the mathematical identity it received, as specified under EIP-197.
However, Supra’s verifier allegedly failed to reject zero or invalid subgroup inputs before treating the result as proof of an authorized signature. Bonzo stressed that its lending contracts did not malfunction.
The Aave-based protocol read the price stored by its configured oracle and calculated borrowing capacity according to its loan-to-value rules. The team also said the attack did not involve a flash loan or genuine market manipulation, as SAUCE’s traded price remained near 0.2 HBAR.
Supra acknowledged the verifier issue and deployed a fix to the affected Hedera contract, according to Bonzo and Hedera.
Bonzo Awaits $1M White-Hat Repayment After Exploit
The $9.05 million headline loss excludes approximately $1 million borrowed by a second account while the false price remained active. That wallet later contacted the team, identified itself as a white-hat responder, and promised to return the assets.
Bonzo therefore classified the second amount as potentially recoverable, although the final figure will depend on what is returned after interest, swaps, and transaction costs are reconciled.
A legitimate oracle update restored SAUCE’s price at 01:36 UTC, and Bonzo paused the lending pool five minutes later. However, the protocol has not announced a reimbursement plan or a date for reopening withdrawals.
Its report said remediation, liquidity-provider access, and other user-facing steps are still being developed with the Bonzo Finance Foundation and ecosystem partners. The incident is particularly consequential for Hedera considering that Bonzo dominates the network’s lending market.
DefiLlama listed Bonzo Lend with roughly $2.74 million in remaining total value locked and approximately $13.24 million in active loans after the attack. The only other listed Hedera lender was a deprecated protocol holding minimal value.
Hedera previously described Bonzo as an Aave-based, non-custodial credit market supporting HBAR, Hedera Token Service assets, and USDC. Although Hedera’s base network continued operating normally, the exploit demonstrates how DeFi applications inherit risks from external infrastructure.
Multiple oracle integrations can improve redundancy, but they do not eliminate the need for strict cryptographic validation, price-deviation limits, and emergency circuit breakers before abnormal data can determine collateral values and borrowing limits.
The post Hedera’s Largest Lending Protocol, Bonzo, Loses $9M in Oracle Exploit appeared first on Blockonomi.