Bonzo Hack
Incident Overview
In 11th July 2026, the Hedera-based lending protocol Bonzo Lend suffered an upstream price oracle exploit on the Hedera mainnet targeting its configured Supra Oracle verifier contract, resulting in a loss of approximately $9.05 million.
The exploit was driven by a signature validation flaw in Supra’s on-chain "pull" oracle verifier contract, rather than a bug within Bonzo Lend's code or the underlying Hedera network. The attacker submitted a manipulated SAUCE/wHBAR price update carrying a completely zeroed BLS signature [0,0]. Because both the input signature point and the referenced committee public key were zero (representing the cryptographic "point at infinity"), Hedera's pairing precompile system contract (0.0.8) correctly evaluated the mathematical equation as true under EIP-197.
However, Supra's verifier lacked a fundamental sanity check to reject identity and off-subgroup inputs before treating a successful pairing result as valid. As a result, the contract accepted an unsigned update that artificially inflated the price of the SAUCE token by twelve orders of magnitude. The attacker then used a nominal deposit of 250 SAUCE to borrow 6.63 million USDC and 34.5 million WHBAR from Bonzo Lend, draining the pool before the protocol was paused.
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Bonzo, these are the critical security checks that could have prevented this incident (July 2026).
- Verify all logic paths related to Oracle Issue are guarded by proper access controls and input validation
- Audit oracle price feeds for manipulation risks - ensure time-weighted average prices (TWAPs) or multi-source aggregators are used, not spot prices
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialSources & References
Learn to Prevent the Next Bonzo
The Bonzo hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.