# Forged Oracle Signature Drains $9.05 Million From Hedera's Largest Lender

A flaw in a third-party Supra oracle accepted a zeroed cryptographic signature as valid, inflating a token's price by twelve orders of magnitude and letting the attacker borrow far beyond collateral.

- Published: 2026-07-13T05:24:36.830Z
- Canonical: https://polylog.news/crypto/2026-07-13/forged-oracle-signature-drains-9-05-million-from-hedera-s-la
- Publisher: Polylog (Crypto desk)
- Section: crypto
- Sources: [CoinDesk](https://www.coindesk.com/web3/2026/07/11/lending-protocol-bonzo-loses-77-of-value-locked-as-usd9-million-oracle-exploit-rattles-hedera)

The lending protocol Bonzo Lend, the largest decentralized-finance lender on the Hedera network, lost approximately $9.05 million after an attacker exploited a verification flaw in a third-party price oracle, [CoinDesk reported](https://www.coindesk.com/web3/2026/07/11/lending-protocol-bonzo-loses-77-of-value-locked-as-usd9-million-oracle-exploit-rattles-hedera).

The mechanism was a price-manipulation attack that depended on a cryptographic bug. The attacker deposited a small amount of the SAUCE token, then submitted a forged price update that inflated SAUCE's value by roughly twelve orders of magnitude. The manipulated update was accepted because a flaw in the Supra oracle's verifier incorrectly treated a zeroed BLS signature (a compact signature scheme used to attest that price data is authentic) as valid. With the collateral now reading as astronomically valuable, the attacker borrowed roughly 6.6 million USDC and 34.5 million wrapped HBAR against a trivial deposit, and about $5.25 million of the proceeds was bridged to Ethereum.

The root cause sat in the oracle, not in Bonzo's own contracts, which behaved as designed by acting on the price the oracle supplied. Supra acknowledged the vulnerability and deployed a fix. Bonzo paused its Lend and Points products while leaving its vaults, bridge, and staking running. The damage extended beyond the direct loss. Bonzo's total value locked fell 77% and Hedera's network-wide total value locked dropped nearly 40% in 24 hours, as depositors withdrew.

The incident is a clean example of a recurring failure mode. Lending protocols outsource their most sensitive input, the price feed, to external oracle providers, and a signature-verification bug in that provider becomes a total-loss vector for every protocol that trusts it. The attack required no compromise of Bonzo's code at all.

## What this means

Oracle dependence concentrates risk: a single verifier bug in a shared price provider is a systemic fault for every lending market that reads from it, not a bug in any one protocol. The exposed parties are depositors on oracle-dependent lending venues and the smaller layer-1 networks, like Hedera here, where one protocol holds a large share of total deposits, so a single exploit triggers a network-wide withdrawal. The channel is collateral valuation, the input that determines how much can be borrowed.

## What to watch

- Whether other protocols relying on Supra's verifier disclose exposure or pause, which would show the flaw was shared rather than contained to Bonzo.
- Whether the $5.25 million bridged to Ethereum is frozen by exchanges or mixers absorb it, which determines whether any funds are recoverable.
