A Zero Signature Was Enough to Drain $9 Million From Bonzo Lend

A Zero Signature Was Enough to Drain $9 Million From Bonzo Lend


Cybersecurity padlock over a circuit-board pattern for an article about the Bonzo Lend oracle-verifier exploit. image By Isaac • July 11, 2026 7:49 pm •

A cryptographic signature made entirely of zeros should be the easiest possible input to reject.

On Hedera, it was enough to open a path into Bonzo Lend and turn a deposit worth a few dollars into roughly $9.05 million of borrowed assets.

Trending: Robinhood Just Launched Its Own Blockchain

The strangest part is that the lending protocol appears to have performed its own calculations correctly. It trusted a price that had already passed an upstream oracle check, and that check was where the protection failed.

Bonzo Finance Labs says in its preliminary incident report that Wallet A deposited 250 SAUCE, then submitted a manipulated SAUCE price to Supra’s on-demand oracle contract shortly after midnight UTC on July 11.

SAUCE was trading near 0.2

Continue reading

 

Join the conversation!

Please share your thoughts about this article below. We value your opinions, and would love to see you add to the discussion!