Bonzo Lend, a lending protocol on Hedera, lost $9.05 million after an attacker exploited a verification flaw in Supra's oracle contract, according to reporting on the incident. The vulnerability allowed the attacker to borrow far beyond their collateral by manipulating price feeds.

The exploit targeted the third-party oracle's price-feed mechanism, a component that lending protocols depend on to value collateral and enforce borrowing limits. Oracle manipulation has emerged as a recurring attack vector across blockchain networks. Hedera has processed more than 71 billion transactions to date, according to network data.

MSB Intel

Bonzo's total value locked fell 77 percent as a result of the drain, according to the reporting. The protocol did not immediately disclose whether users' deposits remained at risk or whether the vulnerability had been patched.

Supra did not respond to requests for comment on the scope of the flaw or whether it affected other contracts using its oracle service. Lending protocols that rely on external price feeds face structural exposure to oracle validation failures, a risk that has prompted some platforms to implement multiple oracle sources or on-chain price averaging.