According to CoinDesk, Bonzo Lend, a decentralized lending protocol on Hedera, suffered a US$9.05 million loss on July 11 due to an oracle verification flaw in third-party provider Supra. The Supra verifier accepted zeroed inputs and wrote a false SAUCE price on-chain, allowing an attacker to deposit 250 SAUCE tokens and borrow 6.63 million USDC and 34.52 million wrapped HBAR based on the manipulated collateral value. A second wallet borrowed approximately US$1 million more before the abnormal price was corrected. The attacker was later identified as a white hat actor via Discord and indicated intent to return funds.
Bonzo Lend's total value locked fell 77%, while Hedera's chain-wide TVL declined 40% in 24 hours to US$25.7 million, according to DeFiLlama data. Supra has deployed a fix to the affected verifier, and Bonzo paused the protocol pending remediation plans.