A borrower arrives with 250 SAUCE tokens, worth just a few dollars, and shortly after submits a price update. Within moments, they walk away with millions in stablecoins and wrapped HBAR. This incident was not the result of a simple error or a complex attack; it stemmed from a flaw in the oracle verification process.

On July 11, 2026, at approximately 00:51 UTC, Bonzo Lend on the Hedera network experienced a significant drain of funds due to manipulated on-demand oracle updates. Initial estimates suggest that the total loss approached $9 million, with a substantial portion of the stolen assets already being transferred across different chains.

The core issue here is that the price feed itself was not inaccurate in the conventional sense. Instead, the verifier contract responsible for validating price updates mistakenly accepted one with an invalid signature, showcasing a critical vulnerability. This incident highlights how DeFi relies heavily on external data sources, where any gap can become a target for attackers.

With every new report of poor verification, the fallout extends beyond just the immediate victims. Lenders, auditors, and application developers utilizing on-demand oracle data find themselves grappling with diminished trust. Users on the Hedera network faced liquidity issues and a decline in confidence, especially as funds rapidly shifted to Ethereum, complicating recovery efforts.

The oracle's integrity did not break rather, it was the verifier that failed. Bonzo Lend's system relied on an on-demand oracle setup that allowed users to request price updates instantly. While this model offers efficiency, it falters when the verification process is not stringent enough.

Bonzo Finance stated that the incident resulted from a flaw in Supra’s on-chain oracle verifier on Hedera, which accepted a price update with a zeroed or otherwise invalid signature. Supra has acknowledged the problem and implemented a fix for the verifier contract on the Hedera mainnet.

The importance of a signature check cannot be overstated. In an on-demand model, the verifier acts as the final line of defense, ensuring that the updates are legitimate and timely. Any lapse in these checks allows attackers to submit misleading data that could trick the lending pool into accepting false prices.

The exploit unfolded rapidly. The attacker posted collateral of around 250 SAUCE, which, at the time, was worth minimal value. They then submitted a price update to the oracle that inflated the value of SAUCE by an astonishing 12 orders of magnitude.

This material is for informational purposes only and does not constitute financial advice.