Loading article…
Bonzo Lend on Hedera hit by a $9 million oracle hack on July 11, wiping out 77% of its TVL and pausing the protocol amid rising 2026 DeFi attacks.
Bonzo Lend on the Hedera blockchain lost roughly $9 million after an attacker manipulated the price of the SAUCE token via a flaw in Supra’s on‑chain oracle verifier, wiping out about 77% of the protocol’s value locked on July 11 2026 [4]. The loss underscores growing security concerns in DeFi, where 2026 has already seen a record‑high number of exploits and a sharp decline in total value locked.
| At a glance | |
|---|---|
| Loss | $9 million (≈ 77% of TVL) |
| Date | July 11 2026 |
| Collateral token | SAUCE (inflated price) |
| Catalyst | Supra oracle verifier flaw |
The attacker deposited 250 SAUCE tokens—worth only a few dollars—into Bonzo Lend and then fed a dramatically inflated price into Supra’s oracle verifier contract. With the on‑chain price appearing legitimate, the protocol allowed the attacker to borrow roughly 6.6 million USDC and 34.5 million Wrapped HBAR (WHBAR) in a single transaction [3]. A second wallet extracted an additional $1 million before the breach was identified. Bonzo Finance traced the breach to the third‑party oracle rather than its own smart contracts and subsequently paused the lending platform and its points program while recovery efforts continue [3].
The incident adds to a surge of DeFi attacks in 2026. The second quarter of the year recorded 83 exploits totaling about $755 million, making it the most‑hacked quarter on record [1]. Overall, DeFi’s total value locked fell 39% from $115 billion in January to just over $70 billion in June [1]. CryptoRank logged 121 hacks and roughly $942 million in losses for the year, suggesting that repeated security breaches are eroding user confidence and prompting capital outflows [1].
Bonzo Lend has issued no detailed public statement regarding compensation, remediation, or whether the oracle vulnerability has been patched [2]. The silence leaves liquidity providers uncertain about the safety of remaining funds and raises questions about the protocol’s treasury or insurance capacity to cover the nine‑figure loss [2]. The exploit also spotlights the need for deeper stress‑testing of oracle verification logic across Hedera‑based projects.
The $9 million breach not only decimated Bonzo Lend’s locked value but also serves as a stark reminder that oracle verification flaws remain a critical attack surface in DeFi, especially as the sector grapples with a record number of hacks and shrinking capital.
Coverage is mostly measured — 5 of 5 reports stay neutral.
Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.
Free · 3-min read · one-click unsubscribe
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 4 outlets · Jul 12, 2026 · How we report
BillsOnChain is a Web3 platform that turns physical receipts into tokenised digital assets on Hedera's distributed ledger, providing immutable storage, auditability, and the ability to mint NFTs.
The platform reports scanning more than 830,000 bills and minting over 430,000 NFTs using Hedera's network.
An attacker exploited a verification flaw in a third‑party Supra oracle contract, inflating token prices and borrowing assets worth about $9.05 million.
Hedera's total value locked dropped by nearly 40% within 24 hours after the exploit.
The sources present both significant adoption use cases and a notable security incident, resulting in a neutral overall sentiment.