Bonzo Lend, a lending protocol on Hedera, lost $9 million after an attacker manipulated the value of SAUCE collateral and used it to borrow funds from the platform. The exploit was tied to a flaw in Supra’s on-chain oracle verifier, which allowed the collateral value to be inflated.
The incident matters because lending markets depend on reliable price data to determine how much users can borrow against collateral. When an oracle verifier fails, a protocol can accept distorted valuations, exposing liquidity providers and borrowers to sudden losses.
According to the source material, the attacker’s strategy centered on raising the reported value of SAUCE collateral before borrowing $9 million from Bonzo Lend. The supplied details do not specify the full transaction path, recovery status, or whether affected funds were returned.
Oracle security remains a critical risk area for decentralized finance because lending protocols use external price feeds to make automated decisions. In this case, the weakness was attributed to Supra’s on-chain oracle verifier rather than a conventional private-key compromise or front-end attack.
The Bonzo Lend exploit adds another example of how infrastructure-level weaknesses can create direct financial losses in DeFi. For Hedera users and DeFi builders, the case underscores the importance of oracle validation, collateral controls, and risk monitoring in lending applications.