A black device with a circuit design and the word
Crypto

Bonzo Lend Hit for ~$9M After SAUCE Oracle Price Manipulation on Hedera

Bonzo says a Supra oracle verifier accepted a zeroed-signature update that enabled 6.63M USDC and 34.5M wrapped HBAR borrowing.

By AI News Crypto Editorial Team7 min read

Hedera-based lending protocol Bonzo Lend disclosed an estimated ~$9 million loss after an attacker manipulated the oracle price of SAUCE used as collateral. Bonzo attributed the incident to a flaw in Supra’s on-chain oracle verifier that accepted a manipulated price update carrying a zeroed signature, and said a fix has been deployed.

Key Takeaways

  • Bonzo Lend estimated an approximately $9 million economic impact after SAUCE collateral pricing was manipulated to enable borrowing far beyond the value deposited.
  • A deposit of 250 SAUCE, described as worth only a few dollars, preceded a price update that inflated SAUCE’s value by roughly 12 orders of magnitude.
  • The manipulated price was used to borrow 6.63 million USDC and 34.5 million wrapped HBAR from Bonzo Lend’s lending pool.
  • Bonzo tied the root cause to Supra’s on-chain oracle verifier accepting a zeroed-signature price update, and Supra acknowledged the issue and deployed a fix.

Bonzo Lend Drained After SAUCE Price Inflated by ~12 Orders of Magnitude

Bonzo Lend’s incident disclosure is a clean example of how DeFi lending breaks when the price input breaks. The protocol put the estimated economic impact at about $9 million after an attacker manipulated the price of SAUCE used as collateral, then borrowed against that inflated valuation.

What stands out is the scale mismatch between the attacker’s starting point and the protocol’s resulting loss. Bonzo described the attacker’s initial deposit as 250 SAUCE worth only a few dollars, yet the downstream borrowing was large enough to drain meaningful liquidity from the pool.

Bonzo also drew a bright line around what it believes did not fail. The protocol stressed the incident was not a vulnerability in Bonzo Lend’s contracts or Hedera’s core network. That framing matters for how traders should think about second-order risk. Even when base-layer and app logic are “working,” external dependencies can still create a straight-through path from bad data to real balance sheet damage.

How 250 SAUCE Became the Key to 6.63M USDC and 34.5M Wrapped HBAR Borrowing

The mechanics, as Bonzo described them, are simple and brutal.

The attacker deposited 250 SAUCE, then submitted a price update that inflated SAUCE’s value by roughly 12 orders of magnitude. Once that manipulated price was accepted, the account could treat near-worthless collateral as if it were high-value collateral.

From there, the extraction was executed through borrowing, not a direct theft of funds from a vault. Bonzo said the wallet borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool.

This is why the exploit’s edge was data integrity, not capital size. The attacker did not need to bring meaningful capital to the table. The “capital” was manufactured by turning a few dollars of SAUCE into an oracle-priced asset that the protocol would lend against.

For traders, the immediate focal point is not SAUCE spot alone. The borrowed assets were USDC and wrapped HBAR, which pushes attention toward stablecoin and wrapped-asset liquidity conditions around Hedera DeFi. In practical terms, the question becomes where those assets can move next, and how quickly liquidity conditions tighten when a lending pool takes a hit of this size.

Supra Oracle Verifier Accepted a Zeroed-Signature Price Update, Bonzo Says

Bonzo’s root-cause attribution points to a specific failure mode: the on-chain oracle verifier.

Bonzo said the incident stemmed from a flaw in Supra’s on-chain oracle verifier that accepted a manipulated SAUCE price carrying a zeroed signature. Supra acknowledged the issue and deployed a fix, according to Bonzo.

That detail shifts the diligence burden. If the failure is in the verifier accepting an invalidly signed update, then the key question is not whether Bonzo’s lending math was wrong. It is whether the integration and verification assumptions around third-party price updates were robust enough for adversarial conditions.

Bonzo’s statement that neither Hedera’s core network nor Bonzo Lend’s contracts were the vulnerability narrows the blast radius in one sense, but it does not eliminate ecosystem-level repricing. Traders do not need a chain failure to demand a higher risk premium. They only need proof that a critical dependency can be bypassed and that protocol liquidity can be drained as a result.

Signals Traders Should Track After the Fix: Market Status, Post-Mortem Details, and Contagion Risk

The fix is deployed, but the packet leaves several market-relevant unknowns unresolved.

First, confirmation is needed on whether Bonzo Lend paused markets, paused borrowing, or changed collateral parameters after the incident. That operational response determines whether the protocol is in containment mode or attempting to run through the damage.

Second, the post-mortem details matter more than the headline number. The packet does not specify the exact exploit timestamp, whether any funds were recovered, or whether the attacker was identified. Those specifics will shape how traders handicap repeatability and whether the drain is likely to become a realized loss for users.

Third, follow-up technical detail from Supra is a key dependency signal. Bonzo’s attribution is precise, but the scope question remains open from the packet’s perspective: whether other integrations were affected by the same zeroed-signature acceptance issue.

Finally, watch the on-chain and market signals around USDC and wrapped HBAR liquidity in Hedera DeFi. The borrowed amounts were 6.63 million USDC and 34.5 million wrapped HBAR. If liquidity conditions tighten, the second-order effect is not just one protocol’s loss. It is a broader repricing of how much leverage the ecosystem can safely support.

This Looks Like a Verifier-Validation Failure, Not a Chain Failure—But It Still Hits Hedera DeFi Risk Premium

I’m treating this as a textbook oracle-verifier validation failure, because that’s exactly how Bonzo framed it: a manipulated SAUCE price update with a zeroed signature was accepted, and that acceptance unlocked borrowing power that should never have existed. The chain did not need to break. The lending contracts did not need an obvious bug. A single weak link in the data path was enough.

The pattern worth noting is the asymmetry. The attacker’s starting collateral was 250 SAUCE described as worth only a few dollars, yet the protocol reports an estimated ~$9 million impact after 6.63 million USDC and 34.5 million wrapped HBAR were borrowed. That is the kind of loss profile that forces traders to ask “who benefits?” and the answer is always the same in these incidents: anyone positioned to extract liquidity from a system that trusts a price feed more than it should.

There are three scenarios I’m watching, and each has clear confirmation points.

Scenario one is containment with limited ecosystem spillover. That gets confirmed if Bonzo’s follow-up disclosures show decisive market actions like pausing or parameter changes, plus evidence of recovery or mitigation. The packet does not provide those facts yet, so this remains unconfirmed.

Scenario two is broader oracle integration scrutiny. That gets confirmed if Supra’s follow-up technical detail indicates the zeroed-signature acceptance could have affected other deployments, or if other protocols disclose similar verifier assumptions. Again, the packet only confirms a fix was deployed, not the scope.

Scenario three is liquidity-driven contagion inside Hedera DeFi. This gets confirmed if USDC and wrapped HBAR liquidity conditions visibly tighten after the reported borrow amounts, because those are the assets that left the pool. The key here is that traders will price the risk where the liquidity actually moved, not where the collateral started.

My base read, grounded in the facts available, is that this incident raises Hedera DeFi’s risk premium even without a Hedera core failure, and the thesis is confirmed if post-incident disclosures show tightened market operations and sustained sensitivity in USDC and wrapped HBAR liquidity following the 6.63M USDC and 34.5M wrapped HBAR drain.

Sources