Hedera-based lending protocol Bonzo Lend misplaced about $9 million after an attacker manipulated the worth of SAUCE used as collateral, permitting the account to borrow belongings far past the worth deposited.
In a preliminary incident report revealed Saturday, Bonzo stated the attacker deposited 250 SAUCE, price only some {dollars}, earlier than submitting a value replace that inflated the token’s worth by roughly 12 orders of magnitude. The pockets then borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool.
The case illustrates how oracle failures can flip low-value collateral right into a device for draining massive quantities of liquidity from lending protocols, even when the appliance and underlying community proceed working as designed.
Bonzo attributed the incident to a flaw in Supra’s on-chain oracle verifier, which accepted a manipulated SAUCE value carrying a zeroed signature. The protocol stated Supra acknowledged the problem and deployed a repair, whereas stressing that the incident was not a vulnerability in Bonzo Lend’s contracts or Hedera’s core community.
Estimated financial affect of the incident. Supply: Bonzo Finance
DeFi hacks proceed to stress the sector
The incident provides to a rising variety of exploits focusing on decentralized finance (DeFi) protocols in 2026.
The second quarter had turn out to be the most-hacked quarter on report by incident rely, with 83 exploits and about $755 million stolen. Cross-chain bridge exploits accounted for $351 million, whereas compromised administrator assaults and pretend token value manipulation represented 37% of quarterly losses.
In 2026, DeFi’s complete worth locked (TVL) had fallen 39% to over $70 billion in June from about $115 billion in January. CryptoRank recorded 121 hacks and roughly $942 million in losses over the interval, saying repeated safety incidents seemingly weighed on person confidence and strengthened capital outflows.
Associated: ‘All DeFi unsafe’ declare sparks AI safety debate after April hack surge
The Bonzo incident additionally follows an identical collateral-pricing exploit on Stellar. In February, attackers drained roughly $10 million from a YieldBlox DAO-managed lending pool after manipulating the worth path used to worth USTRY collateral, permitting them to borrow belongings past the token’s actual price.
Journal: Will the crypto foyer’s $189M marketing campaign get CLARITY over the road?

