Hedera-based lending protocol Bonzo Lend has locked withdrawals after an oracle verifier accepted a proof containing a zeroed signature and public key, allowing a wallet to borrow $9.05 million against 250 SAUCE.
Bonzo Lend and Bonzo Points remained paused as of July 13, while the protocol’s official status page listed Bonzo Lend and all affected asset markets as under maintenance.
Liquidity providers remain unable to withdraw while Bonzo Finance Labs and the Bonzo Finance Foundation determine a recovery path and the conditions for reopening.
Wallet A first deposited 250 SAUCE, worth only a few dollars. At 00:51 UTC, it submitted a SAUCE/wHBAR price update that inflated the token’s value by roughly 12 orders of magnitude even though the market price stayed near 0.2 HBAR.
Eight seconds after the manipulated price reached the oracle’s on-chain storage, the wallet borrowed 6.63 million USDC.
It then borrowed 34.5 million wrapped HBAR, bringing the principal extracted by Wallet A to approximately $9.05 million at Bonzo’s reference prices.


Related Reading
How tokenized stocks fail as collateral even when the stock price does not move
Edel’s exploit was small, but it hit the next frontier for tokenized equities: credit markets, where 1:1 backing is not enough if wrappers, vaults and exchange rates can be gamed.
Jul 2, 2026 Gino Matos
How zeros passed the verifier
The submitted update contained no valid oracle signature. Its signature field was (0,0), while the referenced committee public key was also the zero point, known in cryptography as the point at infinity.
Supra’s verifier sent those inputs to Hedera’s pairing precompile. Because both points represented the mathematical identity, the pairing equation returned true as designed.
The verifier then treated that result as proof of a committee signature because it had not first rejected zero, identity, and off-subgroup inputs.
In plain English, the network answered the equation it received correctly, while the verifier mistook that answer for authorization.
CryptoSlate Daily Brief
Daily signals, zero noise.
5-minute digest 100k+ readers
Whoops, looks like there was a problem. Please try again.
You’re subscribed. Welcome aboard.
Bonzo said its lending contracts then followed their programmed loan-to-value rules using the price already stored by the oracle.

Related Reading
DeFi’s next institutional wave may come from users who never see “behind the scenes” – CEO of Katana
Katana CEO Matt Fisher says DeFi’s next wave may come from products that hide the protocols underneath.
Jun 18, 2026 Gino Matos
A separate Wallet B borrowed roughly $1 million while the abnormal price remained live. That wallet contacted Bonzo, identified itself as a white-hat responder, and stated that it intended to return the funds.
Bonzo counted roughly $1 million as recovered, though the funds had yet to be returned and the final tally was still unsettled.

Related Reading
Digital “Robin Hood” bots steal from hackers but don’t always give back to the poor
As MEV bots become crypto’s accidental emergency responders, users are being left at the mercy of profit-maximizing middlemen.
Jan 25, 2026 · Gino Matos
Bonzo reported that Supra fixed the verifier, but the lending pool remains closed.
The remaining questions include whether regression tests confirm that the verifier rejects identity inputs, whether Bonzo adds price-deviation checks or tightens collateral parameters, and how available assets will be handled when withdrawals resume.
Bonzo’s official status page continued to list the incident as unresolved on July 13. Its latest formal update, posted July 11said the protocol remained paused.
Bonzo has yet to announce reimbursement, a reopening date, or user-facing withdrawal terms, leaving liquidity providers dependent on the recovery plan that comes next.



GIPHY App Key not set. Please check settings