Bonzo suffers oracle attack losing approximately $9 million, attacker manipulated SAUCE price to borrow huge assets
CoinFeed July 11 news, according to Cointelegraph, the Hedera-based lending protocol Bonzo Finance suffered an oracle attack, losing approximately $9 million. The attacker used the collateral after the SAUCE token price was abnormally inflated, borrowing assets far exceeding their actual value from the protocol. Bonzo's preliminary incident report shows that the attacker deposited only 250 SAUCE (worth only a few dollars), then submitted a price update that artificially inflated the token price by about 12 orders of magnitude. Subsequently, the address borrowed 6.63 million USDC and 34.5 million wrapped HBAR (wHBAR) from the lending pool. It is reported that the incident originated from a vulnerability in the oracle service provider Supra's on-chain oracle validator, which erroneously accepted a SAUCE price data with the signature set to zero.