Bonzo Hack

TOTAL LOST $9.0M
Medium Oracle Issue

Summarize with AI

Affected Chain 2026 Incident surface
Recovered - No recovery reported
All-Time Rank #321 By amount stolen
Protocol Type Exploit/Oracle Issue Target category

Incident Overview

In 11th July 2026, the Hedera-based lending protocol Bonzo Lend suffered an upstream price oracle exploit on the Hedera mainnet targeting its configured Supra Oracle verifier contract, resulting in a loss of approximately $9.05 million.

The exploit was driven by a signature validation flaw in Supra’s on-chain "pull" oracle verifier contract, rather than a bug within Bonzo Lend's code or the underlying Hedera network. The attacker submitted a manipulated SAUCE/wHBAR price update carrying a completely zeroed BLS signature [0,0]. Because both the input signature point and the referenced committee public key were zero (representing the cryptographic "point at infinity"), Hedera's pairing precompile system contract (0.0.8) correctly evaluated the mathematical equation as true under EIP-197.

However, Supra's verifier lacked a fundamental sanity check to reject identity and off-subgroup inputs before treating a successful pairing result as valid. As a result, the contract accepted an unsigned update that artificially inflated the price of the SAUCE token by twelve orders of magnitude. The attacker then used a nominal deposit of 250 SAUCE to borrow 6.63 million USDC and 34.5 million WHBAR from Bonzo Lend, draining the pool before the protocol was paused.

Attacker Address: 0x9a496615…d6a494

Exploit Transaction: 0xd50c55e2…a10a60

Incident Report

Protocol / Project Bonzo
Date of Incident
Attack Technique Oracle Issue
Classification Borrowing and Lending

Protocol Information

Protocol Type Exploit/Oracle Issue
Official Website app.bonzo.finance/
Protocol Twitter/X @bonzo_finance
Team Anonymous
Source Code Unverified

What the Attacker Needed to Succeed

Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.

Technical Knowledge Deep understanding of oracle issue and Solidity and EVM internals
Capital Required Seed capital to cover gas and initial position setup
On-Chain Access Ability to interact with smart contracts and deploy a custom exploit contract
Protocol Analysis Identification of the exploitable vulnerability in Bonzo's contract logic - root cause: borrowing and lending
Execution Speed Precise transaction ordering and timing to exploit the vulnerability within a single atomic block
Obfuscation Plan A strategy to launder and move stolen funds - typically through mixers, cross-chain bridges, or decentralized DEX swaps to resist tracing

What Auditors Should Check

Could this have been caught in audit? Yes — skilled auditors routinely flag Oracle Issue vulnerabilities in code review

If you're auditing a protocol with similar architecture to Bonzo, these are the critical security checks that could have prevented this incident (July 2026).

  • Verify all logic paths related to Oracle Issue are guarded by proper access controls and input validation
  • Audit oracle price feeds for manipulation risks - ensure time-weighted average prices (TWAPs) or multi-source aggregators are used, not spot prices
  • Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs

Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.

Free Trial

Sources & References

Learn to Prevent the Next Bonzo

The Bonzo hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.

Recreate exploit patterns safely Free Trial