Bonzo Lend suffered a $9 million loss after an attacker exploited a flaw in a third‑party oracle contract on the Hedera network, causing a sharp drop in TVL.

Bonzo Lend, a prominent lending protocol on Hedera, saw its total value locked (TVL) plunge by 77% after a $9 million loss stemming from an oracle exploit.

What happened

An attacker targeted a third‑party price oracle that Bonzo Lend relies on for collateral valuation. By feeding manipulated price data, the exploit allowed the attacker to withdraw assets worth approximately $9 million, instantly devaluing the protocol’s locked funds.

Impact on the protocol

The loss triggered a cascade of liquidations as collateral ratios fell below safety thresholds. Users reported difficulty withdrawing remaining funds, and the protocol’s TVL dropped from its peak to a fraction of its former size.

Bonzo Lend’s developers have temporarily paused new deposits while they investigate the breach and assess the full extent of the damage.

Response from the Hedera community

The Hedera community expressed concern over the reliance on external oracles, calling for stronger on‑chain price feeds and more rigorous security audits for third‑party contracts.

  • Review and upgrade oracle integration
  • Implement multi‑source price verification
  • Conduct comprehensive security audits for all external dependencies

Next steps for Bonzo Lend

Bonzo Lend plans to migrate to a vetted, decentralized oracle solution and to compensate affected users through a governance‑approved fund, pending further review.

We are committed to restoring trust and securing user assets moving forward.

Read the full coverage at CoinDesk.