Bonzo Lend, a non-savings lending and borrowing system built on the Hedera (HBAR) network, was recently implemented. This action was taken after the operator was able to lease the property in excess of the collateral. As a result, Bonzo Lend lost $9.05 million.
Initial results linked the breach to an error in Supra’s signature verification, which caused SAUCE’s price feeds to change. The attacker got a few credits before the protocol stopped working.

By posting on X, Hedera confirmed Bonzo Lend’s smart contracts and Hedera’s network were not compromised. This discovery reduced the failure of external infrastructure instead of blockchain security.
At this time, the use was quickly lost in the mind of the market. At press time, HBAR was down about $0.068, while Hedera’s DeFi TVL was down 21.43% to $25.4 million. This decline reflects the deregulation of the economy even though the networks themselves have remained relatively stable.


However, opportunism revealed a growing need for value-based governance. As recovery efforts continue, strong cryptographic security and authentication principles may be essential to the security of DeFi protocols.
Oracle flaw exposes DeFi risk
A review of Bonzo Lend’s smart contracts confirmed that there were no related issues. However, it also showed how successful the attack was. Although the program had read the value used by SAUCE to calculate the collateral as described by the program, it did exactly as it was designed.
Auditors ruled out bad debts and market distortions based on their view of SAUCE’s sales volume, which was only a few thousand dollars.
Instead of using those methods, the attacker took advantage of the protocol’s reliance on trusted communications. Even if the code is successful, attackers can still use protocol rules against users and protocol owners. This strategy shows the inherent vulnerability of DeFi where the rules are armed even to kill innocent code. Such protocol targets remain a regular category in DefiLlama’s hacks database.
Therefore, such review is running protocols to take financial measurements, intentional verification, and error recovery, in addition to regular intelligence research.
Brief Summary
- The Hedera oracle exploit exposed vulnerabilities in trusted tree feeds.
- HBAR showed the correct protocol logic can still allow millions of transactions.





