Hedera-based lending protocol Bonzo Lend has been drained of approximately $9 million following a sophisticated exploit involving oracle price manipulation. The incident highlights ongoing vulnerabilities within decentralized finance protocols relying on external data feeds.
The attacker leveraged a technical flaw in Supra’s on-chain oracle verifier to artificially inflate the valuation of SAUCE collateral. By manipulating these price signals, the perpetrator was able to execute unauthorized borrowing, effectively siphoning millions in liquidity from the platform.
Key takeaways from the security breach:
- The exploit targeted the interaction between the oracle system and the lending smart contracts.
- Approximately $9 million in total value was compromised during the incident.
- Security audits and real-time monitoring remain critical for DeFi projects on Hedera.
The Bonzo Lend team is currently investigating the breach and communicating with the affected parties. Users are advised to exercise caution as the platform works toward a resolution and potential security upgrades.