Polylog
The Polylog Crypto Intelligence Brief

Morning Edition · Tuesday, July 14, 2026Published at 1:28 AM EDT · New York

Zeroed Oracle Signature Drains $9 Million From Hedera Lender Bonzo Lend

A Supra price feed accepted an all-zero cryptographic signature as valid, letting an attacker borrow millions against 250 SAUCE tokens worth a few dollars.

Zeroed Oracle Signature Drains $9 Million From Hedera Lender Bonzo Lend

An attacker drained roughly $9.05 million from Bonzo Lend, the largest lending protocol on the Hedera network. The attacker exploited a price oracle supplied by a third party rather than any flaw in Bonzo's own contracts, according to CryptoSlate and The Block.

The attack turned on a verification failure in a Supra oracle contract. The attacker submitted a price update whose signature field was set to two zeros, and the committee public key it referenced was also the zero point that cryptographers call the point at infinity. Because both values represented the mathematical identity element, the pairing equation the verifier used returned true, and the contract treated that result as proof of a valid committee signature. The verifier did not screen out zero, identity, or off-subgroup inputs before running its check.

With a forged price accepted, the attacker deposited 250 SAUCE tokens, worth only a few dollars, pushed the reported SAUCE price up by about twelve orders of magnitude, and within seconds borrowed roughly 6.6 million USD Coin and 34.5 million Wrapped HBAR against that tiny collateral. Bonzo Lend's total value locked fell about 77% after the attack, CoinDesk reported.

Bonzo Lend paused the protocol and its points program while it pursues recovery, and Supra acknowledged the defect and deployed a fix. The stolen funds have not been recovered, and the team attributed the loss to the outside oracle rather than its lending logic.

Veracity: Corroborated
93/100
If true, who benefits

The framing that an outside Supra verifier, not Bonzo's own lending code, caused the loss protects Bonzo Lend's reputation and shifts liability to a third-party oracle vendor.

The nuance

Multiple independent outlets confirm the zero-signature mechanism, but the "not our logic" line omits that Bonzo chose to integrate that verifier, and the attacker and stolen funds remain unidentified and unrecovered.

An open-source-intelligence read of how likely this story is true with its real nuance, not a judgment of any outlet. It assesses the claim, weighing independent and adversarial reporting. How we label confidence.

What this means

The failure was not exotic finance but missing input validation in a signature check, a type of bug that recurs because lending markets rely on oracle code they do not write themselves. Every protocol that reads a Supra-style pairing-verified feed shares this weakness, so the exposed parties are any lending, perpetual, or synthetic-asset venue that depends on a third party for its prices. When an oracle can be made to approve any value, collateral ratios lose all meaning and the protocol's entire deposit base becomes borrowable.

What to watch

  • Whether Supra publishes a full post-mortem that names every downstream protocol that used the vulnerable verifier, which would reveal how many other platforms share the exposure.
  • Whether Bonzo Lend recovers or reimburses depositor funds, since a total loss on Hedera's largest lender would drive deposits away from the network.

Observations to monitor, not financial advice.

3 sources

Synthesized from: CryptoSlate · The Block · CoinDesk

Part of a tracked trend

Bridge and Mint Exploits Sustain Heavy DeFi Losses

Over 3-6 months, recurring bridge proof-validation and unauthorized-mint exploits keep monthly DeFi losses elevated, including drains of deprecated contracts.