
Bonzo Lend, a decentralized lending protocol on the Hedera community, suffered an estimated $9.05 million loss after an attacker exploited a verification flaw in a third-party Supra oracle contract, permitting them to borrow belongings far exceeding the worth of their collateral.
The attacker deposited 250 SAUCE tokens with little worth, earlier than submitting a manipulated value replace that inflated the token’s HBAR-denominated worth, in line with a preliminary incident report from Bonzo.
The protocol stated the account subsequently borrowed 6.63 million USDC and 34.52 million wrapped HBAR. On the report’s reference HBAR value of $0.06998, the 2 withdrawals had been price roughly $9.05 million.
A second pockets, the report provides, borrowed roughly $1 million of further belongings whereas the irregular value remained energetic. The pockets later contacted Bonzo via Discord, recognized itself as a white-hat responder to the incident and stated it supposed to return the funds.
Bonzo excluded these belongings from its headline loss estimate, inserting complete principal borrowed through the incident at roughly $10.06 million earlier than restoration.
Hedera, in line with DeFLlama information, now has $25.7 million in complete worth locked (TVL). The determine dropped almost 40% within the final 24 hours after the exploit. With Bonzo’s TVL
