Hedera Oracle Exploit Drains $9M From Bonzo Lend, Including 34.5M Wrapped HBAR

HBAR

HBAR/USDT

$0.0696
-0.90%
24h Volume

$86,946,493.91

24h H/L

$0.07121 / $0.06666

Change: $0.004550 (6.83%)

Funding Rate

+0.0049%

Longs pay

Data provided by COINOTAG DATALive data
HBAR
HBAR
Daily

$0.06971

-0.90%

Volume (24h): -

Resistance Levels
Resistance 3$0.0843
Resistance 2$0.0757
Resistance 1$0.0704
Price$0.06971
Support 1$0.0685
Support 2$0.0572
Support 3$0.0549
Pivot (PP):$0.07044
Trend:Downtrend
RSI (14):38.3
(05:11 PM UTC)
4 min read
1228 views
0 comments

HBAR News

Hedera-based lending protocol Bonzo Lend lost roughly $9 million after an attacker manipulated the price of the SAUCE token used as collateral, draining the pool for far more than was ever deposited. The incident, disclosed in a preliminary report over the weekend, struck a decentralized-finance application built on Hedera — the distributed-ledger network known for high throughput and low fees where HBAR (HBAR) is the native altcoin. Bonzo framed the loss as an oracle-verification failure rather than a fault in its own smart contracts, but the drained liquidity still added visible pressure across the HBAR ecosystem as user confidence wavered.

Our reading of the on-chain sequence shows how small the initial stake was relative to the payout. The attacker first deposited just 250 SAUCE — worth only a few dollars — before submitting a price update that inflated the token's value by roughly 12 orders of magnitude. With the collateral now reading as enormously overvalued, the same wallet borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool and walked away. An oracle, the system that feeds off-chain prices into smart contracts, is where lending platforms calculate collateral value, so a single corrupted feed converted a trivial deposit into a multimillion-dollar extraction.

Hedera moved quickly to separate the exploit from its base layer. In an official statement, the network said its investigation found no compromise to its consensus algorithm or core services, and that the mainnet continued operating without interruption throughout the incident. That distinction matters for holders: the failure lived in an application-layer pricing component, not in the ledger itself. Even so, the episode is a reminder that a network can run flawlessly while a protocol built on top of it hemorrhages funds, and that blind signing and weak oracle checks remain a persistent attack surface for DeFi users.

Bonzo traced the root cause to a flaw in Supra's on-chain oracle verifier, which accepted a manipulated SAUCE price that carried a zeroed-out signature. In plain terms, the verification layer treated an invalid, tampered price feed as legitimate and passed it through to the lending logic. The protocol said Supra acknowledged the defect and deployed a fix, while reiterating that neither Bonzo Lend's contracts nor Hedera's underlying infrastructure contained the vulnerability. The attack pattern — bypassing signature validation to force an absurd valuation — underscores why oracle integrity is treated as critical infrastructure across lending markets.

The Bonzo loss lands amid a punishing year for decentralized finance. Market data indicates the second quarter of 2026 became the most-hacked quarter on record by incident count, with 83 separate exploits and roughly $755 million stolen. Cross-chain bridge attacks alone accounted for about $351 million of that total, while compromised-administrator breaches and fake price manipulation made up 37% of quarterly losses. The clustering of oracle and collateral-pricing attacks suggests adversaries are increasingly targeting the data plumbing of DeFi rather than the smart contracts themselves.

The broader sector backdrop is equally strained. Total value locked across DeFi fell 39% to just over $70 billion in June from about $115 billion in January, with 121 recorded hacks and roughly $942 million in losses over the period — a run of incidents that likely reinforced capital outflows. The Bonzo case echoes a February exploit on Stellar, where attackers drained around $10 million from a YieldBlox lending pool by manipulating the price path used to value USTRY collateral. Repeated collateral-pricing failures are steadily eroding trust in the automated market maker and lending models that anchor on-chain credit.

On our own signals, HBAR trades near $0.0696, down 0.94% on the day, and COINOTAG's proprietary 42-indicator composite S/R scoring engine rates the $0.0685 support at a maximum 100/100, driven by the confluence of the Keltner Lower and ATR Lower bands alongside Donchian Lower. Overhead, the engine scores the $0.0757 resistance at 90/100 (Ichimoku Kijun, Swing High) with a nearer $0.0704 pivot cluster at 70/100. An RSI of 38 and a downtrend read as bearish, though MACD has flipped bullish; derivatives show a mildly positive 0.0049% funding rate and $20.3 million in open interest, while the Fear & Greed Index sits at 26 (Fear). A daily close below $0.0685 would invalidate the recovery thesis and expose $0.0572.

COINOTAG does not provide financial advisory services. This content is for informational purposes only and should not be considered investment advice. Cryptocurrency investments involve high risk.

Add COINOTAG as a Preferred Source

Add COINOTAG to your preferred sources in Google News and Search to see our coverage first.

Add on Google
Sarah Chen

Sarah Chen

COINOTAG author

View all posts
AI-AssistedMarket Analyst·Sarah Chen is a market analyst specializing in technical analysis and risk management for cryptocurrency markets, with five years of active trading desk experience.

AI-generated, AI-reviewed, under COINOTAG editorial oversight.

Comments

Comments