NFT

Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit


Bonzo Lend, a lending protocol on the Hedera mainnet, has paused operations following an oracle exploit on July 11, 2026, resulting in an estimated loss of $9 million. Bonzo stated that the incident stemmed from the verification layer of a third-party oracle, while Bonzo Lend’s core contracts functioned exactly as designed.

What Happened

According to Bonzo’s incident report, the exploit began around 00:51 UTC on July 11, 2026, when a wallet identified as Wallet A submitted a price update to a third-party on-demand oracle system on the Hedera mainnet. The submitted price concerned the SAUCE/wHBAR pair and was heavily manipulated compared to the actual market rate. Bonzo noted that this data did not reflect normal market fluctuations, as the price of SAUCE remained relatively unchanged during the same timeframe.

Just seconds after the incorrect price was recorded on-chain, Wallet A used a tiny amount of SAUCE as collateral to borrow assets at a scale that vastly exceeded the actual value of the collateral. In other words, the system viewed the collateral as if it were worth significantly more than its actual value, thereby triggering the excessive borrowing.

How the Oracle Exploit Worked

The technical core of this incident lies within Oracle’s signature verification layer. Bonzo stated that while they utilize both Supra and Chainlink on Hedera, most asset prices within the ecosystem are provided by Supra using a “push” model. Simply put, Supra’s oracle committee signs and pushes prices on-chain, while Bonzo Lend merely reads the stored data to calculate the value of collateral and loans.

Bonzo clarified that no valid oracle signatures were forged, and the actual market price of SAUCE did not fluctuate significantly enough to explain the divergence seen on-chain. Instead, the contract verifier accepted an invalid submission because a critical security check was not properly executed.

According to the latest report, the data submitted by Wallet A to the oracle contract included a committee ID, a committee hash, and a zeroed-out signature. A proper verifier should have blocked this at the very first step, even before the pairing check. However, in this case, the system passed the data into the BLS pairing check on the Hedera precompile. Because both the signature point and the referenced public key were zeroed out, the pairing check returned true based on the mathematical logic of the provided input, resulting in a validation that was incorrect in context.

Bonzo also emphasized that this was not a flash-loan attack, nor was it market manipulation in the conventional sense, and it was not caused by a bug in Bonzo Lend’s core contracts.

Losses and Protocol Impact

Bonzo estimates the primary loss from Wallet A to be approximately $9.05 million, calculated based on the principal withdrawn during the exploit transaction. This figure does not include accrued interest, transaction fees, subsequent price fluctuations, or any potentially recoverable assets.

When factoring in Wallet B, the total value borrowed during the abnormal window could reach approximately $10.06 million. However, Bonzo separated this wallet from the total loss, stating that its owner proactively contacted the team as a white-hat responder and committed to returning the assets.

 

Bonzo’s disclosed loss breakdownBonzo’s disclosed loss breakdown

Bonzo’s disclosed loss breakdown. Source: Bonzo Lend

Wallet A deposited 250 SAUCE and subsequently borrowed 6,634,528.202695 USDC and 34,518,389.36109841 wHBAR. This sequence demonstrates that the borrower withdrew assets vastly exceeding the value of the deposited collateral. The impact on the protocol was immediate, with Bonzo Lend being paused at 01:41 UTC and Bonzo Points being paused at 05:50 UTC.

How Bonzo and Hedera Responded

Bonzo paused Bonzo Lend immediately after the incident to mitigate further risk, while also publishing a technical report detailing the timeline and relevant on-chain references. In the report, the team made it clear that the issue originated at the oracle layer, not within Bonzo Lend’s logic.

Hedera also voiced its support for Bonzo, confirming that the mainnet continues to operate normally. According to Hedera’s message, the vulnerability lay in an upstream oracle layer, and the network’s core services were not compromised. Bonzo noted that Supra acknowledged the incident and deployed a fix for the affected verifier contract on the Hedera mainnet.

Bonzo stated that Wallet B proactively contacted the team as a white-hat responder and committed to returning the assets, though the final recovered amount has not yet been announced.

What Comes Next for Bonzo Lend

The pausing of Bonzo Lend leaves users temporarily unable to use the protocol normally, while liquidity providers must wait for further updates regarding withdrawal availability and the recovery process. The team stated they are continuing to work with the Bonzo Finance Foundation and partners to handle the recovery process related to Wallet B, as well as to determine the necessary conditions to safely reopen the protocol. Currently, Bonzo is finalizing its comprehensive review of the incident and the patches at the oracle verification layer before releasing a new timeline for resumption.



Source link

LEAVE A RESPONSE

Your email address will not be published. Required fields are marked *