A manipulated on-demand oracle update drained roughly $9 million from Bonzo Lend on Hedera early on July 11, 2026, after the protocol's verifier contract accepted a price update with an invalid signature. The attacker posted about 250 SAUCE as collateral, inflated its price by roughly 12 orders of magnitude, and borrowed approximately 6.63 million USDC and 34.5 million wrapped HBAR within seconds before Bonzo paused the protocol. The incident highlights a critical weak link in DeFi: the verifier contract that gates on-demand oracle updates, which can allow a single bad signature to bypass downstream lending logic.
The exploit: a signature check failure
At around 00:51 UTC on July 11, 2026, the attacker submitted a price update to Bonzo's on-demand oracle that dramatically inflated the value of SAUCE. The verifier contract, which is supposed to confirm that the update carries a valid signature from an authorized signer, accepted the update despite having a zeroed or otherwise invalid signature. Bonzo Finance attributed the flaw to Supra's on-chain oracle verifier on Hedera, and Supra acknowledged the issue and deployed a fix to the verifier contract on Hedera mainnet.
With the inflated collateral value locked in by the lending pool, the attacker borrowed aggressively: roughly 6.63 million USDC and about 34.5 million wrapped HBAR, totaling near $10 million before a partial white-hat return. On-chain monitors tracked about $5.25 million being bridged from Hedera to Ethereum shortly after the heist, where the attacker swapped into assets like WBTC and ETH. Security firms Specter and PeckShield published theft addresses within hours.
Why verifier assumptions matter
The Bonzo case illustrates a class of oracle risk that is often overlooked. The price feed itself was not compromised; the verifier that gates trust in on-demand updates failed its most basic check. In an on-demand model, the verifier must reject any update with a missing or zeroed signature, a signer not in the active set, a timestamp outside an expiry window, or a nonce that does not increment. The Bonzo exploit appears to have bypassed the very first guard: a malformed signature was treated as valid.
DeFi applications that consume on-demand oracle data with permissive verification are exposed to similar risks. The incident also affected Hedera users, as liquidity pulled back and confidence took a hit. The speed of the attack—roughly 250 SAUCE posted, a price update accepted, and millions borrowed in seconds—underscores how a single verifier bug can cascade into a full protocol drain.
Bonzo's response and broader lessons
Bonzo paused the protocol immediately after the exploit window. Supra deployed a fix to the verifier contract on Hedera mainnet, but app-level changes such as per-asset borrowing caps may follow. The incident has prompted renewed scrutiny of oracle architectures, especially on-demand designs where the verifier is the last line of defense. Auditors and developers are now examining verifier assumptions more closely, as the attack path did not require a complex sandwich attack or a flash loan—just one missing guard in the attestation gate.