Close Menu
Crypto Breaking News
    Crypto Breaking News
    • News
      • Press Release
      • Featured
      • Events
      • Exchanges
      • Bitcoin
      • Ethereum
      • Solana
      • Ripple
      • Artificial Intelligence (AI)
      • Real World Assets (RWA)
      • Markets & Finance
      • Regulation & Policy
      • Press Releases by PR Newswire
      • News by CoinPedia
      • News by Coincu
      • News by Blockchain Wire
    • Crypto
      • Companies
      • Events
      • Partners
      • Buy Crypto
      • Timers
    • Advertise
      • Submit a Press Release
      • Logos
      • About
      • Services
    • Offers
      • Marketing Services
      • Wallets & Tools
    • Account
    • Video
    • Contact
    Submit PR
    Crypto Breaking News
    Altcoins Crypto News

    Oracle Exploit Wipes $9M From Bonzo Lend on Hedera

    19 seconds ago
    FacebookTwitterLinkedInCopy Link
    News Feed
    Google NewsRSS
    Oracle Exploit Wipes $9m From Bonzo Lend On Hedera
    Oracle Exploit Wipes $9m From Bonzo Lend On Hedera

    A Hedera-based lending protocol, Bonzo Lend, says it suffered losses of about $9 million after an attacker manipulated the price of a low-value collateral token used by the system. The exploit reportedly converted a small deposit into the ability to borrow far more than the collateral was actually worth, draining liquidity from the lending pool.

    In a preliminary incident report posted Saturday on Bonzo’s website, the protocol described an oracle-driven failure in which the attacker submitted a crafted price update for SAUCE collateral—inflating its reported value by roughly 12 orders of magnitude. With that inflated valuation in place, the attacker then borrowed 6.63 million USDC and 34.5 million wrapped HBAR.

    Key takeaways

    • Bonzo Lend estimates the incident’s economic impact at about $9 million, triggered by manipulated collateral pricing.
    • The protocol attributes the root cause to Supra’s on-chain oracle verifier accepting an update that carried a zeroed signature.
    • A small initial deposit (250 SAUCE) was enough to borrow millions in assets once the oracle-reported SAUCE price was inflated.
    • Bonzo says the event was not a flaw in Bonzo Lend’s smart contracts or Hedera’s base network, but rather an oracle validation issue upstream.
    • The attack follows a similar collateral-pricing exploit on Stellar earlier this year, underscoring a recurring DeFi risk pattern.

    How a bad price became “real” collateral

    Bonzo’s incident report describes a sequence designed to exploit how lending platforms translate oracle prices into borrowing power. According to Bonzo, the attacker began by depositing 250 SAUCE, which the protocol characterizes as worth only a few dollars under normal pricing.

    The critical step came when the attacker submitted a price update that dramatically inflated SAUCE’s value—by approximately 12 orders of magnitude—through the oracle mechanism integrated into the protocol. Once that manipulated price was accepted, the protocol’s collateral valuation logic reflected the inflated figure, allowing the attacker’s account to take out loans that were disproportionate to the collateral initially provided.

    Bonzo states the resulting borrow activity included 6.63 million USDC and 34.5 million wrapped HBAR. The episode highlights a familiar DeFi failure mode: when an oracle feeds a manipulated price into a lending system, the protocol can behave “as designed” while still enabling catastrophic financial extraction.

    The oracle verifier failure Bonzo points to

    Rather than blaming the lending logic itself, Bonzo frames the incident as an oracle validation problem. The protocol said the issue stemmed from a flaw in Supra’s on-chain oracle verifier, which—per Bonzo—accepted a manipulated SAUCE price even though it carried a zeroed signature.

    Bonzo also said Supra acknowledged the problem and deployed a fix. At the same time, Bonzo emphasized that the incident was not a vulnerability in Bonzo Lend’s contracts or in Hedera’s core network.

    For users and integrators, this distinction matters: it shifts attention toward the reliability and security assumptions of oracle infrastructure and the guarantees a lending protocol expects its price feeds to provide. Even if application-level code is correct, an oracle layer that fails signature validation (or otherwise fails to enforce data integrity) can undermine the entire risk model.

    Why collateral-price exploits keep resurfacing in DeFi

    Bonzo’s incident arrives amid continued pressure on DeFi security across 2026. Cointelegraph previously noted that the second quarter became the most-hacked quarter on record by incident count, registering 83 exploits and roughly $755 million stolen, with cross-chain bridge exploits accounting for $351 million. The same coverage highlighted that compromised administrator attacks and fake token price manipulation together made up 37% of quarterly losses.

    Beyond headline counts, user trust appears to be a central variable. Cointelegraph also reported that DeFi total value locked (TVL) fell 39% to more than $70 billion in June 2026 from around $115 billion in January. Separately, CryptoRank data referenced in that reporting indicated 121 hacks and about $942 million in losses over the same period, suggesting repeated security events may have reinforced capital outflows.

    The Bonzo incident is consistent with that broader pattern: attacks that tamper with pricing inputs often bypass “traditional” defenses because they exploit the system’s economic rules rather than directly breaking core contracts. When a lending market depends on accurate collateral valuation, the oracle layer becomes a high-value target—and a single failed integrity check can be enough to trigger liquidation-like borrowing mechanics without liquidation restraints.

    A similar playbook on Stellar earlier this year

    Bonzo’s report also echoes a comparable exploit on Stellar earlier in 2026. In February, attackers drained roughly $10 million from a YieldBlox DAO-managed lending pool after manipulating the price path used to value USTRY collateral. That manipulation enabled borrowing beyond the collateral’s true worth.

    While the two incidents occurred on different ecosystems, the underlying mechanism aligns: attackers focused on the way collateral prices were computed and trusted, then used those distorted valuations to extract liquidity. Taken together, the cases reinforce that “collateral pricing integrity” is not a niche risk—it is one of the most repeatable vulnerabilities in lending and collateralized borrowing systems.

    That repetition also raises a practical question for builders: what assurances do they require from oracle providers, and what monitoring or fallback strategies exist when price integrity breaks? Bonzo’s account points to signature validation as a critical safeguard—and implicitly to the need for robust enforcement that can’t be bypassed by malformed or unauthorized updates.

    For DeFi users and protocol operators, the next watch item is how oracle providers and integrators validate fixes after incidents like this—particularly whether they strengthen verifier behavior under edge cases such as invalid signatures—and whether lending markets adjust risk parameters in response to oracle-layer failures.

    Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

    Crypto Breaking News
    • Website
    • Facebook
    • X (Twitter)
    • Pinterest
    • Instagram
    • Tumblr
    • LinkedIn

    The Crypto Breaking News editorial team curates the latest news, updates, and insights from the global cryptocurrency and blockchain industry.

    Related Posts

    Ethereum Up 3% As Tokenization Demand Grows; Eth Eyes $1,800

    Ethereum Up 3% as Tokenization Demand Grows; ETH Eyes $1,800

    1 hour ago
    Real Vision’s Jamie Coutts Says Bitcoin Approaching Late Bear Phase

    Real Vision’s Jamie Coutts Says Bitcoin Approaching Late Bear Phase

    2 hours ago
    Bonzo Lend Reports $9m Loss After Oracle Exploit On Hedera

    Bonzo Lend Reports $9M Loss After Oracle Exploit on Hedera

    3 hours ago
    Bitcoin Climbs Nearly 10% In July, Yet 2022 Bear-Market Signal Persists

    Bitcoin Climbs Nearly 10% in July, Yet 2022 Bear-Market Signal Persists

    4 hours ago
    Imf: Stablecoins Could Ease Fx Access, But May Intensify Runs

    IMF: Stablecoins Could Ease FX Access, But May Intensify Runs

    5 hours ago
    Imf: Dollar Stablecoins May Ease Fx Access, But Risk Currency Runs

    IMF: Dollar Stablecoins May Ease FX Access, but Risk Currency Runs

    6 hours ago

    Search Crypto News

    Featured Crypto News

    How Ai Is Changing Music: Virtual Artist Lunayah Releases "new Beginning"

    How AI Is Changing Music: Virtual Artist Lunayah Releases “New Beginning”

    1 June 2026

    Latest News

    • Oracle Exploit Wipes $9M From Bonzo Lend on Hedera
    • Ethereum Up 3% as Tokenization Demand Grows; ETH Eyes $1,800
    • Real Vision’s Jamie Coutts Says Bitcoin Approaching Late Bear Phase
    • Bonzo Lend Reports $9M Loss After Oracle Exploit on Hedera
    • Bitcoin Climbs Nearly 10% in July, Yet 2022 Bear-Market Signal Persists
    • IMF: Stablecoins Could Ease FX Access, But May Intensify Runs
    • IMF: Dollar Stablecoins May Ease FX Access, but Risk Currency Runs
    • Senate Democrats Push for Hearings on Trump–Crypto Links During CLARITY Act Review
    • Kraken to Redesign Trading App With AI Features, CNBC Says
    • DOJ Seeks to Dismiss $722M BitClub Fraud Case, Report

    Join 20,000+ Crypto Followers

    • Facebook2.4K
    • Twitter4.5K
    • Instagram7.2K
    • LinkedIn4.3K
    • Telegram55
    • Threads1000
    Ledger
    eToro Crypto 300x300

    About Crypto Breaking News

    About Crypto Breaking News

    Crypto Breaking News is a fast-growing digital media platform focused on the latest developments in cryptocurrency, blockchain, and Web3 technologies. Our goal is to provide fast, reliable, and insightful content that helps our readers stay ahead in the ever-evolving digital asset space.

    Web3 Digital L.L.C-FZ
    License Number: 2527596
    📞 +971 50 449 2025
    ✉️ info@cryptobreaking.com
    📍Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates

    FacebookX (Twitter)InstagramPinterestYouTubeTumblrBlueskyLinkedInRedditTikTokTelegramThreadsRSS

    Links

    • Crypto News
    • Submit a Press Release
    • Advertise
    • Contact Us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    • Stocks Breaking News

    advertising

    Ledger
    © 2026 CryptoBreaking.com | All rights reserved | Powered by Web3 Digital & Osom One

    Type above and press Enter to search. Press Esc to cancel.

    Change Location
    Find awesome listings near you!