BREAKING — Follow crypto markets live on BlockBriefe • Updated around the clock
defi · 2 min read

Lending Platform Suffers $9 Million Loss in Oracle Attack

By Daniel Harper

Lending Platform Suffers $9 Million Loss in Oracle Attack

How a Tiny Sum Became Millions

A lending platform operating on the Hedera network, Bonzo Lend, has lost roughly $9.05 million. An attacker exploited a vulnerability in a third-party data oracle. The incident, which unfolded rapidly, allowed the perpetrator to borrow substantial assets.

The exploit centered on a manipulated price feed. This single false data point allowed the attacker to convert a small amount of SAUCE tokens into a large sum. The entire operation, from start to finish, took a mere eight seconds.

What is an Oracle Exploit?

The attacker began with just 250 SAUCE tokens. These tokens were worth only a few dollars at the time. However, by manipulating the price feed, the attacker made the system believe these tokens held a much higher value. This inflated valuation then enabled them to borrow $9.05 million. The borrowed assets included USDC stablecoins and wrapped HBAR.

The vulnerability lay in the verification process of the oracle. This system provides external data, like asset prices, to the blockchain. If the oracle feeds incorrect data, the protocols relying on it can be tricked. This is precisely what happened in the Bonzo Lend incident. The attacker essentially tricked the lending protocol into over-collateralizing a tiny initial investment.

# What is Bonzo Lend?

An oracle exploit occurs when an attacker manipulates the external data fed into a blockchain protocol. Oracles are crucial for decentralized finance (DeFi) applications. They bring real-world information onto the blockchain. If this information is compromised, the smart contracts that rely on it can execute faulty transactions. This can lead to significant financial losses for users and the protocol itself.

The incident highlights the critical importance of robust oracle security. Protocols must ensure their data feeds are accurate and resistant to manipulation. Multiple, decentralized oracles are often used to prevent such single points of failure. This attack on Bonzo Lend serves as a stark reminder of these ongoing security challenges in the DeFi space.

# How did the attacker manage to borrow so much money?

Bonzo Lend is a lending protocol built on the Hedera network. It allows users to lend and borrow various cryptocurrency assets. The platform relies on external data sources, known as oracles, to determine asset values for lending and borrowing.

The attacker exploited a manipulated price feed for SAUCE tokens. By artificially inflating the perceived value of a small amount of SAUCE tokens, they were able to trick the Bonzo Lend protocol into allowing them to borrow $9.05 million in other assets, such as USDC and wrapped HBAR.

More stories:

Content written by Daniel Harper for blockbriefe.com editorial team, AI-assisted.

Share:

Leave a comment