Hedera-based lending protocol Bonzo Finance has suffered a significant oracle attack, resulting in a loss of approximately $9 million. The attacker exploited a vulnerability in the oracle service provider Supra, which accepted a manipulated SAUCE token price update. This allowed the attacker to inflate the token's value by 12 orders of magnitude, enabling them to borrow $6.63 million in USDC and 34.5 million wrapped HBAR from Bonzo's lending pool using minimal collateral.
The incident highlights ongoing security challenges in the DeFi sector, which has seen 83 security incidents in Q2 2026 alone, leading to $755 million in losses. The DeFi sector's total value locked has dropped by 39% since January, reflecting declining user confidence amid persistent security breaches. Supra has confirmed the oracle vulnerability and implemented a fix, while Bonzo clarified that the attack did not exploit any weaknesses in its smart contracts or the Hedera network.
Bonzo Finance Loses $9 Million in Oracle Attack Exploiting SAUCE Price Manipulation
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.
