Bonzo Lend loses $9M in oracle exploit on Hedera

An attacker inflated the value of SAUCE collateral and borrowed $9 million from Bonzo Lend through a flaw in Supra’s on-chain oracle verifier.
Hedera-based lending protocol Bonzo Lend lost about $9 million after an attacker manipulated the price of SAUCE used as collateral, allowing the account to borrow assets far beyond the value deposited.
In a preliminary incident report published Saturday, Bonzo said the attacker deposited 250 SAUCE, worth only a few dollars, before submitting a price update that inflated the token’s value by roughly 12 orders of magnitude. The wallet then borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool.
The case illustrates how oracle failures can turn low-value collateral into a tool for draining large amounts of liquidity from lending protocols, even when the application and underlying network continue operating as designed.
Read more

