Oracle Exploit Drains $9M From Bonzo Lend on Hedera | Crypto Security News
Crypto security news: Oracle Exploit Drains $9M From Bonzo Lend on Hedera. This update explains what happened, why it matters for wallets, exchanges, traders, and users, and what the market should watch next.
Crypto Security Update

Hedera-based lending protocol Bonzo Lend lost about $9 million after an attacker manipulated the price of SAUCE used as collateral, allowing the account to borrow assets far beyond the value deposited.In a preliminary incident report published Saturday, Bonzo said the attacker deposited 250 SAUCE, worth only a few dollars, before submitting a price update that inflated the token’s value by roughly 12 orders of magnitude. The wallet then borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool.The case illustrates how oracle failures can turn low-value collateral into a tool for draining large amounts of liquidity from lending protocols, even when the application and underlying network continue operating as designed. Bonzo attributed the incident to a flaw in Supra’s on-chain oracle verifier, which accepted a manipulated SAUCE price carrying a zeroed signature. The protocol said Supra acknowledged the issue and deployed a fix, while stressing that the incident was not a vulnerability in Bonzo Lend’s contracts or Hedera’s core network.Estimated economic impact of the incident. Source: Bonzo FinanceDeFi hacks continue to pressure the sector The incident adds to a growing number of exploits targeting decentralized finance (DeFi) protocols in 2026. The second quarter had become the most-hacked quarter on record by incident count, with 83 exploits and about $755 million stolen. Cross-chain bridge exploits accounted for $351 million, while compromised administrator attacks and fake token price manipulation represented 37% of quarterly losses. In 2026, DeFi’s total value locked (TVL) had fallen 39% to over $70 billion in June from about $115 billion in January. CryptoRank recorded 121 hacks and roughly $942 million in losses over the period, saying repeated security incidents likely weighed on user confidence and reinforced capital outflows.Related: ‘All DeFi unsafe’ claim sparks AI security debate after April hack surgeThe Bonzo incident also follows a similar collateral-pricing exploit on Stellar. In February, attackers drained roughly $10 million from a YieldBlox DAO-managed lending pool after manipulating the price path used to value USTRY collateral, allowing them to borrow assets beyond the token’s real worth. Magazine: Will the crypto lobby’s $189M campaign get CLARITY over the line?Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.
Why This Security News Matters
First, this development may affect exchange safety, wallet security, user trust, and broader market sentiment. In addition, it may influence platform security practices, fund recovery efforts, and regulatory pressure. As a result, traders and crypto users should watch the next updates closely.
What To Watch Next
Watch for official statements, post-mortem reports, wallet warnings, exchange responses, and fund recovery updates. In particular, any new details about phishing, exploits, private key exposure, or security patches could directly affect the broader crypto market.


