Hedera-based lending protocol Bonzo Finance hit by oracle attack, loses about $9 million

AI Market Summary
Bonzo Finance, a Hedera-based lending protocol, lost about $9M after an oracle validator flaw at Supra accepted a manipulated SAUCE price feed, enabling outsized borrowing of USDC and wrapped HBAR. While smart contracts and Hedera itself were not compromised, the incident highlights oracle and validator risk in DeFi, which can pressure sentiment around Hedera-linked assets and related ecosystem liquidity in the near term.
Impact level
● Medium
Affected assets
HBAR/USDT-1.85%
AI Insight · HBAR/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Bonzo Finance, a lending protocol on Hedera, reported an oracle-related exploit that led to roughly $9 million in losses. According to the project's preliminary incident report, the attacker used SAUCE as collateral after artificially inflating its reported price. The attacker deposited 250 SAUCE, then pushed a single price update that boosted the token's price by around 12 orders of magnitude. Using the inflated collateral valuation, the attacker borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool. Bonzo Finance said the incident did not stem from a flaw in its smart contracts or the Hedera network. Instead, it was attributed to an issue in Supra's on-chain oracle validator, which incorrectly accepted a SAUCE price feed with a zeroed-out signature. Supra has confirmed the problem and said a fix has been deployed.