Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Crypto Loses $35M in a Week: BonkDAO, Bonzo Lend, Summer.fi Hacked

Wallet compromises, governance attacks, and oracle failures dominated crypto's biggest security incidents this week.

Written By Dishita Malvania
Published 1 hour ago
Make The Crypto Times preferred on GoogleGoogle
Share
Crypto Loses $35M in a Week BonkDAO, Bonzo Lend, Summer.fi Hacked

The week of July 5 to July 11 turned into one of the roughest stretches of the year for crypto security, with three major protocol incidents, a wallet-level vulnerability and a string of smaller phishing and routing losses pushing confirmed damage past $35 million. 

According to DefiLlama, the month’s tracked hacks had already produced combined losses exceeding $28 million before the Bonzo Lend hack added roughly $9 million more on Saturday.

Show AI Summary
Crypto security faces significant threats, with over $35 million in losses from three major protocol incidents and smaller phishing attacks
Weak governance rules and low voter turnout enabled a $20 million treasury drain from BonkDAO, highlighting the need for stronger security measures
Exploits targeting DeFi platforms, such as Summer.fi and Bonzo Lend, resulted in substantial losses, emphasizing the importance of robust oracle verification and flash loan protection

BonkDAO Drained of $20M Through Its Own Voting System

The biggest loss of the week hit BonkDAO, the community governance body behind Solana’s BONK memecoin, with a $20 million treasury drain on July 6. The attacker did not break a single line of code. They quietly accumulated roughly $4 million worth of BONK through exchange wallets over several days, gained a dominant share of voting power, and pushed a malicious proposal, labeled “BIP #76 Sowellian BonkDAO,” through the DAO’s token-weighted governance on Solana’s Realms platform. 

The proposal claimed it would implement new governance, install a new council, and monetize holdings, and had reportedly been live for six days without any challenge. 

When the vote closed, wallets linked to the attacker controlled about 99.878% of the votes cast, with only seven addresses voting out of more than 18,000 eligible wallets. Roughly 4.426 trillion BONK, worth an estimated $20 million, moved from the treasury to attacker-controlled wallets, and the attacker even renamed the DAO.

Response and Market Impact

BonkDAO confirmed the incident in an official statement on X dated July 6, saying it was the target of a malicious governance proposal, that it had identified the exchange wallets used to purchase BONK ahead of the vote, and that law enforcement had been notified. 

SlowMist co-founder Yu Xian broke down the token movement in an X post, noting the incident was less a hack than a takeover through weak governance rules and low voter turnout. Arkham Intelligence tracking showed portions of the stolen BONK heading toward exchanges, and BONK fell more than 8%, deepening a decline of over 80% across the past year.

Latest update: As of the end of the week, BonkDAO has not confirmed that any portion of the stolen tokens has been frozen or recovered, and no compensation plan has been announced. Upbit, Bithumb, and Kraken have all suspended BONK deposits and withdrawals while monitoring inflows linked to the exploit. 

The DAO says it is continuing to work with exchanges, bridges, the Solana Foundation and law enforcement, with further updates promised once forensic analysis is complete. Community pressure is mounting for reforms such as execution timelocks, higher quorums, and emergency multisig controls.

Summer.fi’s Lazy Summer Vaults Exploited for $6M

Hours before the BonkDAO news broke, multichain protocol Summer Finance was hit by a suspected flash loan exploit worth nearly $6 million. CertiK first flagged a suspicious transaction in which the attacker profited around $6 million using a roughly $65.4 million flash loan for liquidity manipulation, posting the alert from its CertiK Alert account on July 6. 

PeckShield confirmed the protocol had been exploited for $6 million in DAI, and security firm Blockaid reported the funds were drained before any warnings reached users. Summer.fi responded by pausing all Lazy Summer vaults and cutting deposit caps to zero across networks.

On-chain intelligence indicated the largest single victim was a wallet linked to Torben Jorgensen, co-founder of Web3 firm UDHC, who had deposited about 8.6 million USDC into the affected pool shortly before the attack. The stolen DAI was swiftly converted through Uniswap V3 pools.

Latest update: The confirmed post-mortem shows the exploit traces back to November’s Stream Finance collapse, with the attack powered by stale tokens left over from that earlier failure rather than a fresh flaw in Summer.fi’s own vault logic. Vaults remain paused with deposit caps at zero while the team completes its review, and no reimbursement plan has been announced yet.

Bonzo Lend on Hedera Hit for $9M in Oracle Exploit

The week closed with Hedera’s biggest DeFi lender, Bonzo Lend, being hacked for $9 million, with $5.25 million bridged to Ethereum, on July 11. On-chain investigator Specter first flagged what appeared to be an ongoing hack involving the Hedera network in a July 11 post on X, reporting over $3.7 million already bridged to Ethereum via LayerZero and being swapped from WBTC into ETH, and publishing two theft addresses: 0x9A4..6a494 and 0xaf2…6dD93e. 

PeckShield amplified the alert shortly after in its own X post, putting the bridged total at $5.25 million and noting the attacker’s wallet had been seeded with just 1 ETH from Tornado Cash, holding 2,360 ETH and 15.58 WBTC at the time.

The Oracle Flaw Behind It

Bonzo Finance confirmed the target in its official incident report posted on X and attributed the incident to a flaw in a third-party oracle’s verification process. The exploit began around 00:51 UTC on July 11, when the attacker submitted a manipulated price for the SAUCE token that inflated its value by about 12 orders of magnitude. 

The oracle verifier accepted the update despite it carrying a zeroed signature rather than a valid one from the authorized committee. 

Eight seconds later, the attacker used a deposit of just 250 SAUCE, worth a few dollars, as collateral to borrow approximately $9.05 million. The legitimate oracle feed restored SAUCE to about 0.1964 HBAR at 01:36 UTC, and Bonzo Lend was paused five minutes later.

Latest update: Bonzo identified Supra as the oracle provider whose verification infrastructure accepted the invalid update, and Supra has acknowledged the issue and deployed a fix to the affected verifier contract on Hedera mainnet. 

A second wallet that borrowed roughly $1 million during the mispricing window has identified itself as a white hat and pledged to return the assets, bringing total abnormal borrowing to about $10.06 million. Bonzo Lend and Bonzo Points remain paused while the team evaluates recovery and withdrawal plans, while Bonzo Vaults, Bonzo Bridge, and single-sided staking continue operating normally. 

The stolen funds remain parked in the attacker’s Ethereum wallets, which every on-chain sleuth is now watching, and the exploiter has not been identified. HBAR slipped to around $0.069, and Upbit, Bithumb, and Coinone issued investor caution notices.

Ill Bloom Wallet Flaw Crosses $5M in Confirmed Thefts

Wallet users took direct hits too. Security firm Coinspect disclosed a vulnerability it calls Ill Bloom, rooted in how some older mobile and browser extension wallets generated recovery phrases with weak randomness, letting attackers derive the seed and drain everything it controls. 

The firm confirmed a coordinated sweep on May 27 that drained about $3.1 million from 431 wallets, plus a further $2.1 million in USDT stolen afterward from a seed the same attacker had already compromised.

Latest update: As of Coinspect’s July 10 update, confirmed losses have passed $5 million, and the firm calls that a floor rather than a ceiling, as it keeps finding more vulnerable seed phrases along other generation paths. Its public checker has been expanded to reflect the larger exposed set. 

The May attacker skipped wallets holding under about $5, but those seeds remain compromised, and anything deposited later can still be taken. Coinspect warned users never to enter a seed phrase into any checker or website, and to move funds to a hardware wallet with a freshly generated phrase if exposed.

 The Week’s Smaller Hits

  • $999,999 USDT gone in one phishing signature (July 8): A crypto user lost $999,999 in USDT to a single phishing signature after signing a malicious token approval on Ethereum. Scam Sniffer traced the theft in a July 9 X post, showing the attackers first attempted a rounded $1 million withdrawal that failed because the wallet held slightly less. Thirty-six seconds later, the automated sweeper recalculated and pulled the exact remaining balance across three transactions of 639,999, 159,999, and 200,000 USDT. 

Latest update: no recovery reported; Scam Sniffer data shows signature phishing losses up over 200% in early 2026 even as victim counts fall. 

  • Nearly $2M lost to a bad swap route: A trader lost close to $2 million after a decentralized exchange routed an Ether swap through a low-liquidity pool, letting a same-block arbitrage trade extract most of the transaction’s value. 

Latest update: no recovery reported; GoPlus Security attributed the loss to transaction routing rather than phishing and urged users to review execution paths before confirming large swaps. 

  • Ctrl Wallet shuts down for good: Ctrl Wallet announced it will permanently close after a security exploit affecting some Cardano wallets. 

Latest update: users have until August 3 to withdraw assets before the service goes offline. 

  • SecondFi winds down: In a related Cardano development, EMURGO is winding down SecondFi for good as the Cardano hack recovery drags on, closing one of the ecosystem’s longest-running restitution efforts. 
  • Secret Network votes to leave Cosmos: Secret Network proposed migrating SCRT from Cosmos to Arbitrum in a July 7 governance proposal, citing security risks, weaker liquidity, and an aging codebase. 

Latest update: the proposal remains under community vote. 

  • CodexField rug pull allegations: On BNB Chain, on-chain analyst Specter raised rug pull allegations against CodexField, a project on BNB Greenfield. 

Latest update: the claims remain allegations based on on-chain activity, with no team response at the time of writing. 

The Bigger Picture

The week fits squarely into the pattern laid out in CertiK’s H1 2026 report published Monday: Web3 lost more than $1.31 billion across 344 incidents in the first half of 2026, with wallet compromises overtaking smart contract exploits as the biggest source of losses at $444.5 million, followed by phishing at $366.3 million across just 63 incidents. 

CertiK’s blunt assessment was that the underlying security environment has not improved and has, in several respects, deteriorated. Immunefi separately counted a record 207 incidents in H1, and SlowMist logged 182 events worth about $956 million, with North Korean-linked groups blamed for roughly two-thirds of the stolen value.

What connects this week’s three big exploits is that none involved a simple contract bug in the traditional sense. BonkDAO was a governance takeover executed through the front door. Summer.fi was an automated vault machinery poisoned by tokens from a dead protocol. Bonzo Lend was a third-party oracle waving through a forged price. 

The attack surface keeps climbing up the stack, away from the code that gets audited and toward the rules, infrastructure, and human approvals that mostly do not.

Also Read: Meme Coin Frenzy on Robinhood Chain: Trader Turns $838 Into a Million on CASHCAT

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

110 Things More Dangerous Than Spam Saylor Says BIP-110 Could Invalidate Bitcoin Transactions
“110 Things More Dangerous Than Spam”: Saylor Says BIP-110 Could Invalidate Bitcoin Transactions
Pakistan's Top Islamic Scholar Rules Bitcoin, Ethereum, and USDT Haram
Pakistan’s Top Islamic Scholar Rules Bitcoin, Ethereum, and USDT Haram
Ethereum Crosses $1,800, and Eric Trump Has Just Three Words
Ethereum Crosses $1,800, and Eric Trump Has Just Three Words
The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
Hedera's Biggest DeFi Lender Bonzo Lend Hacked for $9M, $5.25M Bridged to Ethereum
Hedera’s Biggest DeFi Lender Bonzo Lend Hacked for $9M, $5.25M Bridged to Ethereum

Find Us on Socials

You may also like

On-Chain Investigator Flags BNB Chain's CodexField as a Potential $85M Rug Pull

On-Chain Investigator Flags BNB Chain’s CodexField as a Potential $85M Rug Pull

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Robinhood Chain Active Addresses Hit Record High Amid Meme Coin Frenzy

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

Crypto User Loses $999,999 in USDT to a Single Phishing Signature

Hyperliquid Token Buybacks Chip Away at Supply as Revenue Outstrips Ethereum’s Burn Rate

Hyperliquid Token Buybacks Chip Away at Supply as Revenue Outstrips Ethereum’s Burn Rate

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information