Lending protocol Bonzo loses 77% of value locked as $9 million oracle exploit rattles Hedera

TL;DR

Bonzo, a lending protocol on Hedera, experienced a major security breach involving a $9 million oracle exploit, causing a 77% decline in its total value locked. The incident highlights vulnerabilities in DeFi protocols and raises questions about security practices.

Bonzo, a decentralized lending protocol on the Hedera network, has lost approximately 77% of its value locked following a $9 million exploit targeting its oracle system, according to initial reports. This security breach has caused significant financial damage to users and raises concerns about protocol vulnerabilities in the DeFi space.

The incident was first reported today by blockchain security firm HazeSec, which identified a malicious exploit involving the platform’s oracle mechanism. The exploit allowed attackers to manipulate price feeds, leading to a large withdrawal of assets and a sharp decline in the protocol’s total value locked (TVL). Bonzo’s TVL was estimated to have fallen from around $12 million to roughly $3 million, representing a 77% decrease.

According to HazeSec, the attack exploited a flaw in Bonzo’s oracle setup, which relies on external data sources to determine collateral values. The breach appears to have been orchestrated over several hours, with attackers siphoning off approximately $9 million worth of assets. Bonzo has not yet issued a detailed statement but has temporarily paused operations to investigate.

At a glance
breakingWhen: developing, incident reported today
The developmentBonzo’s total value locked dropped sharply following a $9 million oracle exploit, resulting in a 77% loss of assets on the platform.
Crypto market snapshot
Fear & Greed Index
26/100 — Fear
Bitcoin BTC$63,822▼ 0.5%
Ethereum ETH$1,797▼ 0.1%
Tether USDT$0.9993▲ 0.0%
BNB BNB$571.96▼ 0.8%
USDC USDC$0.9998▼ 0.0%
XRP XRP$1.09▼ 1.6%
Solana SOL$76.46▼ 1.9%
TRON TRX$0.3297▼ 0.0%
Live data · CoinGecko · alternative.me (24h change)

Impact of the Oracle Exploit on DeFi Security

This incident underscores the ongoing risks associated with oracle vulnerabilities in decentralized finance (DeFi). Oracles are critical for providing external data to smart contracts, but their security weaknesses can be exploited, leading to significant financial losses. The breach at Bonzo highlights the need for improved security measures and risk management strategies within DeFi protocols, especially those handling large sums of assets.

TANGEM Crypto Wallet Pack of 2 – Trusted Cold Storage Hardware Wallet for Bitcoin, Ethereum, NFTs & Altcoins – 100% Offline Crypto Cold Wallet

TANGEM Crypto Wallet Pack of 2 – Trusted Cold Storage Hardware Wallet for Bitcoin, Ethereum, NFTs & Altcoins – 100% Offline Crypto Cold Wallet

Proven security at scale: Over 9 years and millions of cards issued with no known remote hacks, while…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Previous Oracle-Related Incidents in DeFi

Oracle exploits have been a recurring issue in DeFi, with notable incidents including the 2022 Poly Network attack and various other smaller breaches. These events have repeatedly exposed the vulnerabilities of relying on external data sources, prompting calls for more robust oracle solutions and security audits. Bonzo’s recent attack adds to this pattern, emphasizing the importance of security in protocol design.

“The attack exploited a flaw in Bonzo’s oracle setup, allowing malicious actors to manipulate asset prices and drain funds.”

— HazeSec Security Team

PROOF Wallet | Slim Minimalist Wallets for Men | Leather & Metal | RFID Wallet | Front/Back Pocket | Gift Box | Veteran Owned (Founder (Brown Leather | Dark Gun Metal))

PROOF Wallet | Slim Minimalist Wallets for Men | Leather & Metal | RFID Wallet | Front/Back Pocket | Gift Box | Veteran Owned (Founder (Brown Leather | Dark Gun Metal))

LIFETIME GUARANTEE: All PROOF wallets come with a no questions asked, lifetime guarantee. If you break it, we'll…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Details of the Exploit and Future Security Measures

It remains unclear exactly how the attackers exploited the oracle system, including whether any security patches or safeguards were bypassed. The full extent of the damage and the precise timeline of the attack are still being assessed. Bonzo has not yet disclosed whether user funds are recoverable or if additional attacks are possible.

HOWTO Secure and Audit Oracle 10g and 11g

HOWTO Secure and Audit Oracle 10g and 11g

Used Book in Good Condition

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Next Steps for Bonzo and DeFi Security Improvements

Bonzo is expected to release a detailed incident report and implement security upgrades to prevent similar exploits. Industry experts suggest that protocols relying on oracles should review their security measures and consider adopting more resilient solutions. The incident may also prompt increased scrutiny from regulators and auditors in the DeFi sector.

Yubico - Security Key C NFC - Basic Compatibility - Multi-Factor authentication (MFA) Security Key and passkey, Connect via USB-C or NFC, FIDO Certified

Yubico – Security Key C NFC – Basic Compatibility – Multi-Factor authentication (MFA) Security Key and passkey, Connect via USB-C or NFC, FIDO Certified

POWERFUL SECURITY KEY: The Security Key C NFC is the essential physical passkey for protecting your digital life…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

How much was stolen in the Bonzo oracle exploit?

Approximately $9 million worth of assets were drained from Bonzo during the attack, according to initial reports.

What caused the value of Bonzo to drop so sharply?

The exploit manipulated oracle data, leading to a loss of confidence and a withdrawal of assets, which caused a 77% decrease in total value locked.

Is there a risk of similar attacks on other DeFi protocols?

Yes, oracle vulnerabilities are a known risk, and other protocols relying on external data sources should review their security measures to mitigate potential exploits.

Has Bonzo issued a statement about recovery?

Bonzo has not yet provided specific details about recovery efforts but has announced an investigation into the breach.

Will users be able to recover their lost funds?

It is currently unclear whether affected users will be able to recover their assets, as the extent of the breach is still being evaluated.

Source: rss

Nothing in this article is financial or investment advice. Cryptocurrency and precious-metal investments carry significant risk — do your own research and consider a licensed advisor.
You May Also Like

Bank of Japan’s Ueda Announces Major Monetary Policy Shift – Crypto Impacts Revealed!

How will the Bank of Japan’s monetary policy shift under Ueda influence cryptocurrency markets? Discover the potential impacts that lie ahead!

The Compute Reckoning: Anthropic Finally Admits What Customers Suspected for Ten Months

Anthropic reveals that a surge in compute capacity, including a new deal with SpaceX, addresses previous customer experience issues caused by compute shortages.

Kansas Athletics Announces Strategic Jersey Patch Partnership Featuring XRP Cryptocurrency

Kansas Athletics announces a new jersey patch partnership with XRP cryptocurrency, marking a first-of-its-kind collaboration in college sports marketing.

Real‑World Asset Tokenization Market Projected to Reach $12.8 Billion by 2032

Unlock the future of investment with the real-world asset tokenization market projected to hit $12.8 billion by 2032—discover the opportunities and challenges ahead.