Hedera-based lending protocol Bonzo Lend misplaced about $9 million after an attacker manipulated the value of SAUCE used as collateral, permitting the account to borrow property far past the worth deposited.
In a preliminary incident report revealed Saturday, Bonzo mentioned the attacker deposited 250 SAUCE, value only some {dollars}, earlier than submitting a value replace that inflated the token’s worth by roughly 12 orders of magnitude. The pockets then borrowed 6.63 million USDC and 34.5 million wrapped HBAR from the lending pool.
The case illustrates how oracle failures can flip low-value collateral right into a device for draining giant quantities of liquidity from lending protocols, even when the appliance and underlying community proceed working as designed.
Bonzo attributed the incident to a flaw in Supra’s onchain oracle verifier, which accepted a manipulated SAUCE value carrying a zeroed signature. The protocol mentioned Supra acknowledged the difficulty and deployed a repair, whereas stressing that the incident was not a vulnerability in Bonzo Lend’s contracts or Hedera’s core community.
Estimated financial impression of the incident. Supply: Bonzo Finance
DeFi hacks proceed to strain the sector
The incident provides to a rising variety of exploits focusing on decentralized finance (DeFi) protocols in 2026.
The second quarter had change into the most-hacked quarter on file by incident depend, with 83 exploits and about $755 million stolen. Cross-chain bridge exploits accounted for $351 million, whereas compromised administrator assaults and pretend token value manipulation represented 37% of quarterly losses.
In 2026, DeFi’s whole worth locked (TVL) had fallen 39% to over $70 billion in June from about $115 billion in January. CryptoRank recorded 121 hacks and roughly $942 million in losses over the interval, saying repeated safety incidents doubtless weighed on person confidence and strengthened capital outflows.
Associated: ‘All DeFi unsafe’ declare sparks AI safety debate after April hack surge
The Bonzo incident additionally follows an identical collateral-pricing exploit on Stellar. In February, attackers drained roughly $10 million from a YieldBlox DAO-managed lending pool after manipulating the value path used to worth USTRY collateral, permitting them to borrow property past the token’s actual value.
Journal: Will the crypto foyer’s $189M marketing campaign get CLARITY over the road?



