Loading article…
Bonzo Lend hit by a $9 million oracle hack on July 11 2026, draining 77% of its TVL and pausing the platform.
Bonzo Lend on Hedera was drained of roughly $9 million after an attacker manipulated the price of the SAUCE token via a flaw in Supra’s on‑chain oracle verifier, wiping out about 77% of the protocol’s value locked on July 11 2026 [4].
| At a glance | |
|---|---|
| Loss | $9 million |
| TVL impact | –77 % |
| Collateral token | SAUCE (inflated price) |
| Catalyst | Supra oracle verifier exploit |
The attacker deposited 250 SAUCE tokens—worth only a few dollars—into Bonzo Lend and then fed a falsified price into Supra’s oracle verifier, inflating the token’s value by roughly twelve orders of magnitude. Within seconds the protocol accepted the overvalued collateral and released about $6.6 million USDC and 34.5 million Wrapped HBAR (WHBAR) to the attacker, with a second wallet extracting an additional $1 million [3][4]. The breach was traced to a verification flaw in Supra’s contract rather than a direct vulnerability in Bonzo’s own code [4].
Bonzo Lend and its points program were immediately paused while the team investigated the loss [3]. No public statement has detailed remediation steps, compensation plans, or whether the oracle integration has been patched, leaving users uncertain about the protocol’s security posture [2]. The incident adds to a surge in DeFi exploits: the second quarter of 2026 recorded 83 hacks totalling about $755 million, with cross‑chain bridge attacks alone accounting for $351 million of those losses [1]. Overall, DeFi’s total value locked fell 39% from $115 billion in January to just over $70 billion in June, a decline that analysts link to repeated security breaches eroding user confidence [1].
Hedera’s DeFi sector, while smaller than Ethereum’s, has been growing, and a breach of this magnitude can stall that momentum. The exploit highlights persistent oracle risks across blockchains; similar attacks have previously hit protocols on Ethereum, BNB Chain, Avalanche, and even Stellar, where a $10 million collateral‑pricing exploit occurred earlier in the year [1][2]. The lack of a swift, transparent response from Bonzo Lend may amplify concerns among liquidity providers and could deter new capital from entering Hedera‑based lending platforms.
The $9 million drain underscores that oracle verification remains a critical vulnerability in DeFi, and the silence from Bonzo Lend leaves the broader Hedera community uncertain about the protocol’s resilience and the sector’s future growth.
Coverage is mostly measured — 5 of 5 reports stay neutral.
Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.
Free · 3-min read · one-click unsubscribe
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 4 outlets · Jul 12, 2026 · How we report
BillsOnChain is a Web3 platform that turns physical receipts into tokenised digital assets on Hedera's distributed ledger, providing immutable storage, auditability, and the ability to mint NFTs.
The platform reports scanning more than 830,000 bills and minting over 430,000 NFTs using Hedera's network.
An attacker exploited a verification flaw in a third‑party Supra oracle contract, inflating token prices and borrowing assets worth about $9.05 million.
Hedera's total value locked dropped by nearly 40% within 24 hours after the exploit.
The sources present both significant adoption use cases and a notable security incident, resulting in a neutral overall sentiment.