Bonzo Lend’s Total Value Locked Plunges 77% as $9M Oracle Exploit Rocks Hedera

Bonzo Lend, a decentralized lending protocol on the Hedera network, suffered an estimated loss of $9.05 million after an attacker exploited a verification flaw in a third-party Oracle Supra contract, allowing it to borrow assets far in excess of the value of its collateral.

The attacker deposited 250 low-value SAUCE tokens, before submitting a manipulated price update that inflated the token’s HBAR-denominated value, according to a preliminary incident report from Bonzo.

The protocol indicates that the account then borrowed 6.63 million USDC and 34.52 million wrapped HBAR. At the report’s HBAR benchmark price of $0.06998, the two withdrawals were worth approximately $9.05 million.

A second portfolio, the report added, borrowed approximately $1 million in additional assets while the abnormal price remained active. The wallet then contacted Bonzo via Discord, identified itself as a white responder to the incident, and said it intended to return the funds.

Bonzo excluded these assets from his estimate of overall losses, placing the total capital borrowed during the incident at approximately $10.06 million before recovery.

Hedera, according to DeFLlama data, now has $25.7 million in total value locked (TVL). This figure dropped by almost 40% in the last 24 hours after the exploit. With Bonzo’s TVL

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top