Hedera Shaken by $9 Million Oracle Exploit as Bonzo Lend Loses 77% of TVL
Hedera Shaken by <$9 Million Oracle Exploit> as Bonzo Lend Loses 77% of TVL
A big problem hit the Hedera network when a lending platform called Bonzo Lend lost millions of dollars. An attacker used a flaw in an oracle system to take away about $9 million worth of assets. This event caused the total value locked on Hedera to drop fast and showed how weak points in DeFi can lead to big losses.
What Happened During the Attack
The trouble started when someone put in 250 SAUCE tokens that had almost no real value. They then sent a fake price update through a third-party oracle called Supra. This made the price of SAUCE look much higher than it really was in HBAR terms. Because of this wrong price the attacker could borrow far more than their deposit was worth.
They took out 6.63 million USDC and 34.52 million wrapped HBAR. At the time HBAR was priced near $0.07 so these coins added up to roughly $9.05 million. A second wallet also grabbed about $1 million more while the bad price was still active. The main loss for Bonzo sits at around $9 million after some possible recovery from the second wallet.
How the Oracle Flaw Allowed the Theft
Oracles are tools that bring real-world prices into smart contracts. In this case the Supra oracle did not check the price data properly. The attacker changed the price of a low-value token and the lending protocol trusted that number. This let them borrow huge amounts of stablecoins and wrapped HBAR with almost nothing as real collateral.
Bonzo later said the attack came from a verification problem in the oracle contract. Once the fake price was in place the system allowed withdrawals that should never have happened. The whole event lasted only a short time but the damage was already done.
Impact on Hedera and Total Value Locked
After the exploit Hedera total value locked fell to about $25.7 million. That is a drop of nearly 40 percent in just one day. Bonzo Lend itself lost 77 percent of its own value locked which shows how much the platform was hurt.
Users and investors pulled money out quickly once news spread. The event also reminded everyone that even smaller networks can face serious risks when oracles or smart contracts have hidden bugs.
Lessons for DeFi Users and Builders
This case proves that price oracles need strong checks and multiple sources of data. A single weak point can let attackers drain millions in minutes. Projects should test oracle feeds often and set limits on how much can be borrowed based on new price updates.
For users it is smart to watch for sudden price moves on smaller tokens and to keep an eye on protocol updates after any incident. Better security steps like extra audits and circuit breakers can help stop similar problems in the future.
Looking Ahead After the Incident
Bonzo and Hedera teams are now working on fixes and better protections. The white-hat wallet that took extra funds may return them which could lower the final loss number. Still the event left a mark on trust in the network.
DeFi keeps growing but stories like this show why safety must come first. Strong oracles and careful checks can help stop the next big loss before it starts.