Bonzo Lend Loses $9.05M in Oracle Exploit on July 11 as Fake SAUCE Price Drains Protocol

SAUCE-3.01%
SUPRA-0.65%
HBAR-0.26%

According to Bonzo Lend's incident report, the protocol lost approximately $9.05 million on July 11 after an attacker exploited a flaw in Supra's third-party oracle verifier. A price update signed with a zeroed signature passed validation, inflating SAUCE's price by roughly twelve orders of magnitude—from about 0.2 HBAR to one followed by thirty zeroes. Using this artificially inflated collateral, the attacker drained the protocol's lending pools.

A second wallet exploited the same vulnerability to withdraw about $1 million but subsequently identified itself as a white-hat responder and committed to returning the funds. Hedera confirmed the incident was isolated to the external oracle layer, while Supra acknowledged the flaw and deployed a fix to its contract on Hedera mainnet. Bonzo Lend's total value locked fell from approximately $14.3 million on July 10 to $3.2 million by July 12.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments