Bonzo Lend Loses $9.05 Million in Hedera Oracle Exploit

Lending protocol Bonzo Lend suffered a significant loss of approximately $9.05 million after an attacker successfully exploited a verification flaw within a third-party Supra oracle contract operating on the Hedera network.
Exploit Details
The exploit targeted a specific verification vulnerability within the Supra oracle contract, which is crucial for providing external data feeds to the Bonzo Lend protocol. This flaw allowed the attacker to manipulate data, leading to the unauthorized drain of funds. The incident highlights the persistent security risks associated with smart contract interactions and third-party dependencies in the decentralized finance (DeFi) space.
Impact on Bonzo Lend
Following the exploit, Bonzo Lend saw a drastic reduction in its total value locked (TVL), losing 77% of its assets. This substantial decline underscores the severe consequences that oracle vulnerabilities can have on DeFi protocols, impacting user confidence and the operational integrity of the platform. The incident serves as a stark reminder of the importance of robust security audits and continuous monitoring for smart contracts, especially those relying on external data sources. For more context on similar incidents, see our previous report on Bonzo Lend's $9 Million Loss.
Why It Matters
This incident with Bonzo Lend on the Hedera network reinforces the critical need for comprehensive security measures in DeFi. Oracle exploits remain a primary vector for attacks, demonstrating that even established networks and third-party providers are not immune to sophisticated vulnerabilities. As the DeFi ecosystem continues to evolve, protocols must prioritize multi-layered security audits, real-time threat detection, and robust incident response plans to protect user funds and maintain trust.
Key Takeaways
- Bonzo Lend lost approximately $9.05 million.
- The exploit occurred on the Hedera network.
- A flaw in a third-party Supra oracle contract was the vulnerability.
- Bonzo Lend's total value locked (TVL) decreased by 77%.
- The incident underscores ongoing security challenges in DeFi protocols relying on external data.
◆ Related

Bonzo Lend Suffers $9 Million Loss in Hedera Oracle Exploit
Bonzo Lend on Hedera lost $9 million after an attacker exploited a flaw in Supra's on-chain oracle verifier to inflate SAUCE collateral.

OKX, MetaMask, and Matter Labs Support Genlayer Foundation's AI Agent Dispute Resolution Court
OKX, MetaMask, and Matter Labs are among 27 firms backing a Genlayer Foundation initiative for an AI agent dispute resolution court to enable interoperable payments and escrow.

Japanese Lender CRYL Launches Bitcoin-Backed Loans Up to $6.2 Million
Japanese lender CRYL has launched Bitcoin-backed loans for individuals and businesses, offering up to $6.2 million in financing.