In a startling breach, Bonzo Lend, a decentralized lending protocol on the Hedera network, suffered a significant security compromise, losing approximately $9 million. The incident involved an exploited flaw in the protocol’s oracle mechanism, which enabled an attacker to manipulate collateral values beyond their actual worth.
How Was the Oracle Exploited?
The security breach unfolded when the attacker deposited a mere 250 units of the SAUCE token, equivalent to just a few dollars. By submitting a manipulated price feed, the assailant astonishingly boosted SAUCE’s value by 12 magnitudes. This manipulation allowed the extraction of substantial loans, totaling 6.63 million USDC and 34.5 million wrapped HBAR from Bonzo’s liquidity pool.
Why Bonzo and Hedera Are Not To Blame?
Bonzo Finance clarified that the weakness did not lie in its own smart contracts or the Hedera network itself. Instead, the vulnerability resided in how the protocol’s oracle system handled external pricing data, exposing it to potential exploitation and manipulation.
Operating on the Hedera blockchain, Bonzo serves as a DeFi platform that enables the collateralized supply and borrowing of assets. Hedera is recognized for its focus on enhancing the speed and security of decentralized applications.
Do Security Breaches Pose Continued Risks for DeFi?
DeFi platforms continue to grapple with security threats, as evidenced by the rise in exploits in 2026. A record-breaking 83 such incidents occurred in the second quarter alone, resulting in a hefty $755 million stolen. Notably, cross-chain bridge breaches accounted for $351 million of this total, with token price manipulations and administrative compromises also playing significant roles.
- DeFi’s total value locked (TVL) saw a stark decline, falling 39% in 2026.
- The TVL dropped from $115 billion in January to over $70 billion by June.
- A total of 121 hacks led to estimated losses of $942 million in the same period.
- Continuous security breaches are eroding user confidence and capital inflows.
This breach mirrors an earlier exploit on YieldBlox DAO’s lending pool on the Stellar network, where attackers exploited oracle pricing paths to siphon off roughly $10 million. Such incidents underscore the persistent vulnerabilities of external data feeds and price oracles in DeFi systems, pointing to an ongoing challenge for the sector to bolster its defenses against similar manipulations.



