Bonzo, a lending protocol on Hedera, lost 77% of its total value locked after a $9 million oracle exploit drained funds from the platform, marking one of the largest security incidents on the Hedera network.
How the $9 million oracle exploit hit Bonzo on Hedera
The attack targeted Bonzo's oracle infrastructure, the price-feed mechanism that lending protocols rely on to value collateral and trigger liquidations. An attacker manipulated the oracle provider to extract approximately $9 million from the protocol. For related coverage, see Machi Liquidated on 25x ETH Long, Loses $1.9M and Reopens Position.
Bonzo published an incident report confirming the exploit originated at the oracle provider level rather than within its own smart contracts. The distinction matters because oracle exploits can affect any protocol that depends on the same price feed, similar to how a security exploit forced Ctrl Wallet to shut down weeks after its breach. For related coverage, see SecondFi Targets Two-Week Recovery After Cardano Wallet Exploit.
Hedera-based DeFi protocols remain a smaller subset of the broader decentralized finance market, which makes a $9 million loss particularly significant relative to the ecosystem's total liquidity. For related coverage, see Polymarket Launches Combo Trading: What the New Feature Means.
Why Bonzo's value locked fell 77% after the exploit
Following the exploit, Bonzo's total value locked collapsed by 77% as users rushed to withdraw remaining funds. TVL serves as the primary confidence metric for lending protocols; a drop of this magnitude signals that depositors no longer trust the platform to secure their assets.
The withdrawal pattern mirrors what typically follows DeFi exploits: users pull liquidity regardless of whether their specific deposits were affected. The result is a protocol that cannot function as a lending market without sufficient collateral on both sides.
For context, the SecondFi exploit on Cardano triggered a similar confidence crisis, with the team targeting a two-week recovery timeline. Bonzo has not yet announced a comparable recovery schedule.
What the exploit means for Bonzo users and the wider Hedera ecosystem
Users with funds still deposited in Bonzo face uncertainty about recovery. The protocol's incident report acknowledged the oracle provider as the root cause, but has not detailed a compensation plan for affected depositors.
Oracle security remains a systemic concern across DeFi, not unique to Hedera. However, the relatively small size of Hedera's DeFi ecosystem means a single $9 million exploit carries outsized weight on overall network confidence. Protocols sharing the same oracle provider may need to evaluate their own exposure.
The incident underscores why automated security tools and diversified oracle sources have become priorities across chains. For Bonzo, the immediate path forward depends on whether the team can recover funds, patch the vulnerability, and rebuild the trust reflected in its depleted TVL.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.