Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Hedera’s Biggest DeFi Lender Bonzo Lend Hacked for $9M, $5.25M Bridged to Ethereum

Specter and PeckShield traced the Bonzo Lend exploit as the attacker bridged over $5.25 million from Hedera to Ethereum after exploiting an oracle flaw that enabled roughly $9.05 million in fraudulent borrowing.

Written By Dishita Malvania
Published 52 minutes ago
Make The Crypto Times preferred on GoogleGoogle
Share
Hedera's Biggest DeFi Lender Bonzo Lend Hacked for $9M, $5.25M Bridged to Ethereum

The Hedera DeFi ecosystem was rocked on Saturday after an attacker exploited Bonzo Lend, the largest lending protocol on the network, and rapidly moved millions of dollars in stolen assets to Ethereum.

The incident was reported by Specter, who flagged what appeared to be an ongoing hack involving the Hedera Network, with over $3.7 million already bridged to Ethereum at the time of the initial alert. Specter noted that the stolen funds were being swapped from Wrapped Bitcoin (WBTC) into ETH after being bridged from Hedera via LayerZero, and shared two theft addresses: 0x9A4..6a494 and 0xaf2…6dD93e.

The tracked total climbed quickly, rising from $3.7 million to more than $4 million and then past $5 million within hours.

Show AI Summary
The $5.25 million hack of Bonzo Lend may lead to significant changes in Hedera’s DeFi ecosystem, with potential long-term impacts on user trust and protocol security
The incident highlights the need for improved oracle verification processes, with Supra’s flawed infrastructure allowing the attacker to manipulate SAUCE token prices and borrow millions in assets
As the stolen funds remain on Ethereum, the coming days will be crucial in determining the fate of the exploited assets and the potential for recovery, with the attacker’s next moves being closely watched

PeckShield Tracks $5.25M and a Tornado Cash Trail

Blockchain security firm PeckShield amplified Specter’s findings shortly after. According to the firm’s follow-up alert, $5.25 million in stolen funds had already been bridged from Hedera Mainnet to Ethereum, with the hacker’s wallet holding 2.36K ETH worth $4.25 million and 15.58 WBTC worth about $1 million. The firm added that the attacker originally funded the wallet with just 1 ETH sourced from Tornado Cash, a privacy mixer commonly used by exploiters to obscure their funding trail before an attack.

On-chain data from Etherscan supports the trail. At one snapshot, the primary attacker address 0xaf20…d93e held 2,284.05 ETH worth roughly $4.11 million for $1,799.60 per ETH, along with a single token holding valued at about $1.42 million. The wallet’s “Funded By” field shows exactly 1 ETH received from Tornado Cash, with the first transaction recorded around 10 hours before the alerts and activity continuing as recently as an hour before. 

Internal transaction records show a stream of repeated ETH transfers into the wallet, including chunks of 73.83 ETH, 70.99 ETH, 71.01 ETH, and 55.82 ETH arriving from a single intermediary contract, consistent with the WBTC-to-ETH swapping pattern Specter described. An earlier explorer snapshot at the same address showed 2,068.21 ETH, worth $3.71 million, confirming how quickly the balance was growing as the attacker consolidated funds.

Bonzo Finance Confirms Oracle Verifier Flaw

Bonzo Finance later confirmed that the affected application was Bonzo Lend and attributed the incident to a flaw in a third-party oracle’s verification process, estimating that the primary attacker borrowed approximately $9.05 million after submitting a manipulated price for the SAUCE token. The protocol stressed that its lending contracts and Hedera’s underlying consensus network were not compromised.

According to Bonzo’s official incident report, the exploit began at around 00:51 UTC on July 11, when the attacker submitted a manipulated SAUCE price to an on-demand oracle contract on Hedera. SAUCE was trading at roughly 0.2 HBAR, but the malicious update inflated its value by about 12 orders of magnitude. The oracle verifier accepted the update even though it carried a zeroed signature rather than a valid signature from the authorized oracle committee.

Eight seconds after the false price went live, the attacker used a deposit of just 250 SAUCE, worth only a few dollars, as collateral to borrow roughly 6.6 million USDC and 34.5 million Wrapped HBAR (WHBAR). 

A second wallet borrowed roughly $1 million while the manipulated price remained active, but later contacted the Bonzo team, identified itself as a white-hat responder, and stated it intends to return the assets. Bonzo excluded this amount from its headline loss figure, although total borrowing during the abnormal pricing window reached approximately $10.06 million.

Bonzo identified Supra as the oracle provider whose verification infrastructure accepted the invalid update, and said Supra has acknowledged the issue and deployed a fix to the affected verifier contract on Hedera mainnet. The legitimate oracle feed restored SAUCE to about 0.1964 HBAR at 01:36 UTC, and Bonzo Lend was paused five minutes later.

Current Status and Market Reaction

Bonzo Lend and Bonzo Points remain paused while the team evaluates recovery and withdrawal plans. Bonzo Vaults, Bonzo Bridge and single-sided BONZO and XBONZO staking were not affected and continue operating normally. The stolen funds remain parked in the attacker’s Ethereum wallets, and the exploiter has not been identified.

HBAR traded lower following the reports, and South Korean crypto exchanges including Upbit, Bithumb, and Coinone issued investor caution notices regarding Hedera. The token slipped to around $0.069 as the exploit unfolded, with intraday losses deepening as the tracked theft figure grew.

The incident extends a brutal July for DeFi. According to DefiLlama, three hacks this month have produced combined losses exceeding $28 million, including a $6 million exploit of Summer.fi and a $20 million governance attack on BonkDAO.

Also Read: $6M Lazy Summer Exploit Traces Back to November’s Stream Finance Collapse

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets
Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets
Backpack Launches 24/7 Trading for Select U.S. Stocks
Backpack Launches 24/7 Trading for Select U.S. Stocks
Why is Black Bull (ANSEM) Token Down Today
Why is Black Bull (ANSEM) Token Down Today?
Empery Digital Sells 1,400 BTC to Cut Debt, Fund Expansion
Senate Democrats Renew Calls to Probe Trump’s Crypto Holdings

Find Us on Socials

You may also like

On-Chain Investigator Flags BNB Chain's CodexField as a Potential $85M Rug Pull

On-Chain Investigator Flags BNB Chain’s CodexField as a Potential $85M Rug Pull

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

Hyperliquid Token Buybacks Chip Away at Supply as Revenue Outstrips Ethereum’s Burn Rate

Hyperliquid Token Buybacks Chip Away at Supply as Revenue Outstrips Ethereum’s Burn Rate

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information