Bonzo Lend, a decentralized lending platform on Hedera, incurred approximately $9.05 million in losses following an exploit of a third-party Supra oracle contract. The vulnerability allowed an attacker to manipulate asset valuations, borrowing far beyond collateral limits.
The attacker initially deposited 250 SAUCE tokens—a low-value token—before submitting a false price update that artificially inflated SAUCE’s HBAR-denominated worth. This deception enabled the withdrawal of 6.63 million USDC and 34.52 million wrapped HBAR, valued at around $9.05 million based onHBAR’s price at the time.
A separate wallet later borrowed an additional $1 million in assets while the manipulated price remained active. This account later identified itself as a good-faith responder via Discord and pledged to repay the funds, though the protocol excluded these assets from its final loss calculation.
Post-exploit, Hedera’s total value locked (TVL) stood at $25.7 million, down nearly 40% in 24 hours, per DeFLlama data. The breach significantly impacted Bonzo’s TVL, reflecting broader instability in the network’s lending ecosystem.
Also Read
- Presidential Crypto Holdings Highlight Systemic Governance Gap in Digital Asset Policy
- UK Takes Definitive Steps Toward Becoming a Global Crypto Hub
- Hong Kong Launches Yuan‑Gold Infrastructure to Bypass Dollar‑Linked Stablecoins
- CoreWeave’s $20 billion funding haul shows why Bitcoin is losing the competition for liquidity

