Bonzo Lend Total Value Locked Plunges 77% as $9M Oracle Exploit Shakes Hedera

Bonzo Lend, a decentralized lending protocol on the Hedera network, suffered an estimated loss of $9.05 million after an attacker exploited a verification flaw in a third-party Oracle Supra contract, allowing them to borrow assets that far exceeded the value of their collateral.

The attacker deposited 250 SAUCE tokens with little value, before sending a manipulated price update that inflated the so-called HBAR value of the token, according to a preliminary report of the incident from Bonzo.

The protocol said that the account subsequently borrowed 6.63 million USDC and 34.52 million wrapped HBAR. At the report’s reference HBAR price of $0.06998, the two withdrawals were worth approximately $9.05 million.

A second wallet, the report adds, borrowed approximately $1 million of additional assets while the abnormal price remained active. The wallet subsequently contacted Bonzo via Discord, identified itself as a white hat responder in the incident, and said it intended to return the funds.

Bonzo excluded those assets from its overall loss estimate, putting the total capital borrowed during the incident at approximately $10.06 million before recovery.

Hedera, according to data from DeFLlama, now has $25.7 million in total value locked (TVL). The figure fell almost 40% in the last 24 hours after the exploit. With TVL from Bonzo

Leave a Comment

Your email address will not be published. Required fields are marked *