Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera

A manipulated SAUCE oracle price enabled an attacker to borrow about $9.05 million from Bonzo Lend before part of the assets was moved from Hedera to Ethereum.

Saravana Kumar Mahendran by Saravana Kumar Mahendran
July 11, 2026
in Security & Hacks
0 0
Suspected Hedera DeFi Hack Moves $5.8 Million to Ethereum

Created by Cryip

Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

A Bonzo Lend oracle verification exploit allowed an attacker to borrow approximately $9.05 million using a manipulated SAUCE price before part of the extracted assets was moved from Hedera to Ethereum. The incident was first detected through cross-chain fund movements and was initially reported as a suspected Hedera DeFi hack.

On-chain investigator Specter initially reported that millions of dollars in assets were being bridged from Hedera to Ethereum through LayerZero, with some wrapped Bitcoin later converted into ETH. Bonzo Finance subsequently confirmed that the affected application was Bonzo Lend and attributed the incident to a flaw in a third-party oracle’s verification process. Bonzo estimated that the primary attacker borrowed approximately $9.05 million after submitting a manipulated price for the SAUCE token. The protocol said its lending contracts and Hedera’s underlying consensus network were not compromised

There appears to be an ongoing hack involving @hedera Network, with over $3.7M already bridged to Ethereum by the attacker.

The stolen funds are currently being swapped from WBTC for ETH after being bridged from the Hedera network via Layerzero.

Theft addresses:… pic.twitter.com/KSxd3K2vlu

— Specter (@SpecterAnalyst) July 11, 2026

Funds Bridged and Converted to ETH

Specter identified two Ethereum addresses linked to the early cross-chain movements:

  • 0x9A4966152F6e10b33Cb7a37975e8619816d6a494
  • 0xaf20D792A19fD42dCf697ceBa6100291D96dD93e

The initial estimate of funds moved to Ethereum rose as additional transactions were detected. The receiving wallets held ETH and WBTC, while portions of the wrapped Bitcoin were exchanged for ETH after crossing the network. LayerZero appears to have served as the route used to bridge the assets rather than the source of the vulnerability. Bonzo’s incident report also said its separate bridge product was not affected and continued operating normally.

Cross-chain movements remain important in post-exploit investigations because attackers can divide, exchange or obscure assets after leaving the original network. The Kelp DAO case showed how stolen funds can be rapidly routed through services such as THORChain, Tornado Cash and Bitcoin privacy tools, leaving only a small portion directly traceable. No comparable laundering route had been confirmed in the Bonzo incident during the initial tracking period. The bridge activity represented only part of the wider economic impact, which Bonzo later calculated from the assets borrowed from its lending pool.

Related Story

CodexField on BNB Chain Faces Rug Pull Allegations

BNB Chain Project CodexField Faces Rug Pull Claims After Abnormal Fund Transfers

July 10, 2026
Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026

Manipulated SAUCE Price Enabled Excessive Borrowing

According to Bonzo, the exploit began at approximately 00:51 UTC on July 11, when the attacker submitted a manipulated SAUCE price to an on-demand oracle contract on Hedera. SAUCE was trading at roughly 0.2 HBAR, but the malicious update inflated the token’s value by around 12 orders of magnitude. The oracle verifier accepted the update even though it contained a zeroed signature rather than a valid signature from the authorised oracle committee.

The @bonzo_finance lend protocol has been temporarily paused.

The Bonzo Finance Labs team is investigating volatile markets across Bonzo Lend and diligently working alongside partners during this investigation.

The team will continue to provide updates as they become…

— Bonzo Finance Labs (@bonzo_finance) July 11, 2026

Eight seconds after the false price was recorded, the attacker used a deposit of 250 SAUCE, worth only a few dollars, as collateral to borrow:

  • Approximately 6.63 million USDC
  • More than 34.5 million WHBAR

Bonzo said the verifier incorrectly approved the submission because both the signature point and the referenced committee public key resolved to zero, allowing the cryptographic check to return a valid result. The incorrect price remained active until legitimate oracle publishing restored SAUCE to about 0.1964 HBAR at 01:36 UTC. Bonzo Lend was paused five minutes later.

The protocol identified Supra as the oracle provider whose verification infrastructure accepted the invalid update. Bonzo said Supra acknowledged the issue and deployed a fix to the affected verifier contract on Hedera mainnet.

Bonzo Places Primary Impact at $9.05 Million

Bonzo calculated the principal borrowed by the malicious wallet at approximately $9.05 million, based on an HBAR reference price of $0.06998 and USDC valued at $1. A second wallet borrowed roughly $1 million while the manipulated price remained active. That wallet later contacted Bonzo, identified itself as a white-hat responder and stated that it intended to return the assets. Bonzo excluded this amount from its headline impact figure, although total borrowing during the abnormal pricing period reached approximately $10.06 million.

The incident adds to a wider increase in operational and infrastructure-related security risks across Web3. Crypto projects lost about $1.31 billion across 344 incidents during the first half of 2026, with attackers increasingly targeting privileged access, key management and supporting infrastructure alongside smart-contract vulnerabilities. Bonzo cautioned that the $9.05 million estimate represents borrowed principal rather than a final loss calculation. It does not include interest, transaction fees, subsequent swaps, market-price changes or any assets later recovered.

Bonzo Lend and Bonzo Points remain paused while the team evaluates recovery and withdrawal plans. Bonzo Vaults, Bonzo Bridge and single-sided BONZO and XBONZO staking were not affected and continued operating normally. The official findings clarify that the incident was an oracle verification exploit affecting Bonzo Lend, not a compromise of Hedera’s consensus network or LayerZero. Recovery efforts and reimbursement plans are expected to be addressed in later updates.

Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: Crypto HacksDeFi

Related Posts

CodexField on BNB Chain Faces Rug Pull Allegations
Scams & Fraud

BNB Chain Project CodexField Faces Rug Pull Claims After Abnormal Fund Transfers

by Saravana Kumar Mahendran
July 10, 2026

CodexField, a project on BNB Greenfield and BNB Smart Chain, is facing rug pull allegations after on-chain analyst Specter identified...

Read moreDetails
Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026
Zapper to Shut Down After Nearly Seven Years in DeFi

Zapper to Shut Down After Nearly Seven Years in DeFi

July 9, 2026
Ethereum User Loses Nearly $1 Million USDT in Phishing Token Approval Exploit

Phishing Approval Drains 999K USDT From Ethereum Wallet

July 9, 2026
Ctrl Wallet to Permanently Shut Down

Ctrl Wallet to Permanently Shut Down on August 3 After Cardano Security Exploit

July 7, 2026
Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

July 7, 2026
Web3 Security Losses Hit $1.31 Billion

Web3 Security Losses Hit $1.31 Billion in H1 2026 as Drift Protocol Hack Tops $285M

July 7, 2026

Recommended

  • All
  • News
Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin's Biggest Long-Term Risks

Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

July 11, 2026
Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

July 11, 2026
Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
AI Agents Now Have a New Internet Court to Settle Disputes

AI Agents Now Have a New Internet Court to Settle Disputes

July 10, 2026
Ledger Researchers Disclose Tangem Card Flaw

Ledger Researchers Reveal Laser Flaw in Tangem Cards as Firm Downplays User Risk

July 10, 2026
Circle Receives Final OCC Approval to Launch National Trust Bank

Circle Wins Federal Approval to Launch Regulated Digital Asset Trust Bank

July 10, 2026
Binance CEO Says 70% of EU Crypto Withdrawals Now Go to Self-Custodied Wallets After MiCA

Binance CEO Says 70% of EU Crypto Withdrawals Now Go to Self-Custodied Wallets After MiCA

July 10, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera
  • Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks
  • Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.