
Bonzo Lend, a decentralized lending protocol on the Hedera community, suffered an estimated $9.05 million loss after an attacker exploited a verification flaw in a third-party Supra oracle contract, permitting them to borrow property far exceeding the worth of their collateral.
The attacker deposited 250 SAUCE tokens with little worth, earlier than submitting a manipulated value replace that inflated the token’s HBAR-denominated worth, in response to a preliminary incident report from Bonzo.
The protocol stated the account subsequently borrowed 6.63 million USDC and 34.52 million wrapped HBAR. On the report’s reference HBAR value of $0.06998, the 2 withdrawals have been price roughly $9.05 million.
A second pockets, the report provides, borrowed roughly $1 million of extra property whereas the irregular value remained energetic. The pockets later contacted Bonzo by Discord, recognized itself as a white-hat responder to the incident and stated it supposed to return the funds.
Bonzo excluded these property from its headline loss estimate, inserting complete principal borrowed through the incident at roughly $10.06 million earlier than restoration.
Hedera, in response to DeFLlama information, now has $25.7 million in complete worth locked (TVL). The determine dropped practically 40% within the final 24 hours after the exploit. With Bonzo’s TVL

