Bonzo Lend loses $9M in oracle exploit on Hedera
Bonzo Lend loses $9M in oracle exploit on Hedera
An attacker inflated the value of SAUCE collateral and borrowed $9 million from Bonzo Lend through a flaw in Supraβs on-chain oracle verifier.
Estimated economic impact of the incident. Source: Bonzo Finance
The incident adds to a growing number of exploits targeting decentralized finance (DeFi) protocols in 2026. The second quarter had become the most-hacked quarter on record by incident count, with 83 exploits and about $755 million stolen.
Cross-chain bridge exploits accounted for $351 million, while compromised administrator attacks and fake token price manipulation represented 37% of quarterly losses.
In 2026, DeFiβs total value locked (TVL) had fallen 39% to over $70 billion in June from about $115 billion in January. CryptoRank recorded 121 hacks and roughly $942 million in losses over the period, saying repeated security incidents likely weighed on user confidence and reinforced capital outflows.
Related: βAll DeFi unsafeβ claim sparks AI security debate after April hack surge
The Bonzo incident also follows a similar collateral-pricing exploit on Stellar. In February, attackers drained roughly $10 million from a YieldBlox DAO-managed lending pool after manipulating the price path used to value USTRY collateral, allowing them to borrow assets beyond the tokenβs real worth.
Magazine: Will the crypto lobby's $189M campaign get CLARITY over the line?
Comments
No comments yet. Start the discussion.