Close Menu
  • Home
  • Crypto News
  • Tech News
  • Gadgets
  • NFT’s
  • Luxury Goods
  • Gold News
  • Cat Videos
What's Hot

XBX A01+ AR Glasses Review: 147-Inch Virtual Screen

July 13, 2026

Try Not To Laugh… Good Luck 😂#funnycats #catshorts #catvideos #trending

July 13, 2026

Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit

July 13, 2026
Facebook X (Twitter) Instagram
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • DMCA
Facebook X (Twitter) Instagram
KittyBNK
  • Home
  • Crypto News
  • Tech News
  • Gadgets
  • NFT’s
  • Luxury Goods
  • Gold News
  • Cat Videos
KittyBNK
Home » Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit
NFT's

Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit

July 13, 2026No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Hedera-Based Bonzo Lend Loses  Million in Oracle Exploit
Share
Facebook Twitter LinkedIn Pinterest Email

Bonzo Lend, a lending protocol on the Hedera mainnet, has paused operations following an oracle exploit on July 11, 2026, resulting in an estimated loss of $9 million. Bonzo stated that the incident stemmed from the verification layer of a third-party oracle, while Bonzo Lend’s core contracts functioned exactly as designed.

What Happened

According to Bonzo’s incident report, the exploit began around 00:51 UTC on July 11, 2026, when a wallet identified as Wallet A submitted a price update to a third-party on-demand oracle system on the Hedera mainnet. The submitted price concerned the SAUCE/wHBAR pair and was heavily manipulated compared to the actual market rate. Bonzo noted that this data did not reflect normal market fluctuations, as the price of SAUCE remained relatively unchanged during the same timeframe.

Just seconds after the incorrect price was recorded on-chain, Wallet A used a tiny amount of SAUCE as collateral to borrow assets at a scale that vastly exceeded the actual value of the collateral. In other words, the system viewed the collateral as if it were worth significantly more than its actual value, thereby triggering the excessive borrowing.

How the Oracle Exploit Worked

The technical core of this incident lies within Oracle’s signature verification layer. Bonzo stated that while they utilize both Supra and Chainlink on Hedera, most asset prices within the ecosystem are provided by Supra using a “push” model. Simply put, Supra’s oracle committee signs and pushes prices on-chain, while Bonzo Lend merely reads the stored data to calculate the value of collateral and loans.

Bonzo clarified that no valid oracle signatures were forged, and the actual market price of SAUCE did not fluctuate significantly enough to explain the divergence seen on-chain. Instead, the contract verifier accepted an invalid submission because a critical security check was not properly executed.

According to the latest report, the data submitted by Wallet A to the oracle contract included a committee ID, a committee hash, and a zeroed-out signature. A proper verifier should have blocked this at the very first step, even before the pairing check. However, in this case, the system passed the data into the BLS pairing check on the Hedera precompile. Because both the signature point and the referenced public key were zeroed out, the pairing check returned true based on the mathematical logic of the provided input, resulting in a validation that was incorrect in context.

Bonzo also emphasized that this was not a flash-loan attack, nor was it market manipulation in the conventional sense, and it was not caused by a bug in Bonzo Lend’s core contracts.

Losses and Protocol Impact

Bonzo estimates the primary loss from Wallet A to be approximately $9.05 million, calculated based on the principal withdrawn during the exploit transaction. This figure does not include accrued interest, transaction fees, subsequent price fluctuations, or any potentially recoverable assets.

When factoring in Wallet B, the total value borrowed during the abnormal window could reach approximately $10.06 million. However, Bonzo separated this wallet from the total loss, stating that its owner proactively contacted the team as a white-hat responder and committed to returning the assets.

 

Hedera-Based Bonzo Lend Loses  Million in Oracle Exploit

Bonzo’s disclosed loss breakdown. Source: Bonzo Lend

Wallet A deposited 250 SAUCE and subsequently borrowed 6,634,528.202695 USDC and 34,518,389.36109841 wHBAR. This sequence demonstrates that the borrower withdrew assets vastly exceeding the value of the deposited collateral. The impact on the protocol was immediate, with Bonzo Lend being paused at 01:41 UTC and Bonzo Points being paused at 05:50 UTC.

How Bonzo and Hedera Responded

Bonzo paused Bonzo Lend immediately after the incident to mitigate further risk, while also publishing a technical report detailing the timeline and relevant on-chain references. In the report, the team made it clear that the issue originated at the oracle layer, not within Bonzo Lend’s logic.

Hedera also voiced its support for Bonzo, confirming that the mainnet continues to operate normally. According to Hedera’s message, the vulnerability lay in an upstream oracle layer, and the network’s core services were not compromised. Bonzo noted that Supra acknowledged the incident and deployed a fix for the affected verifier contract on the Hedera mainnet.

Bonzo stated that Wallet B proactively contacted the team as a white-hat responder and committed to returning the assets, though the final recovered amount has not yet been announced.

What Comes Next for Bonzo Lend

The pausing of Bonzo Lend leaves users temporarily unable to use the protocol normally, while liquidity providers must wait for further updates regarding withdrawal availability and the recovery process. The team stated they are continuing to work with the Bonzo Finance Foundation and partners to handle the recovery process related to Wallet B, as well as to determine the necessary conditions to safely reopen the protocol. Currently, Bonzo is finalizing its comprehensive review of the incident and the patches at the oracle verification layer before releasing a new timeline for resumption.

Credit: Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Former SWIFT Exec Denies Rumors of XRP Integration With Global Payment Network

July 11, 2026

Kraken Prepares to Relaunch Mobile App With AI-Powered Trading

July 11, 2026

SWIFT Launches Blockchain-Based Ledger for 24/7 Cross-Border Payments, Pilots With 17 Global Banks Using Tokenized Deposits

July 11, 2026

Sony Bank Gains U.S. Approval for Stablecoin Trust Bank

July 11, 2026
Add A Comment
Leave A Reply Cancel Reply

What's New Here!

Moonen Yachts Achieves Milestone: Steel Hull of Latest Martinique Flipped

November 1, 2023

Decentraland Price Prediction: 2023, 2024, 2025, 2026

November 18, 2023

Grayscale Investments wins against SEC, considers Bitcoin ETF

October 13, 2023

Gold Prices Subdued as Investors Await FOMC Meeting

April 30, 2024

Hands-On With the iPhone 18 Pro Max 2026 Release

June 15, 2026
Facebook X (Twitter) Instagram Telegram
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • DMCA
© 2026 kittybnk.com - All Rights Reserved!

Type above and press Enter to search. Press Esc to cancel.