
Bonzo Lend Incident Review: How Did a Zero-Signature Vulnerability Cause the Protocol to Lose $9 Million?
TechFlow Selected TechFlow Selected

Bonzo Lend Incident Review: How Did a Zero-Signature Vulnerability Cause the Protocol to Lose $9 Million?
When validators mistake mathematical identities for proofs of authorization, the protocol-designed loan-to-value ratio rules instead became accomplices.
Author: CryptoSlate
Compiled by: TechFlow
TechFlow Editor's Note: An altcoin collateral worth a few dollars successfully borrowed $9.05 million through a zero-signature vulnerability in the oracle validator. This incident exposes a neglected blind spot in DeFi infrastructure mathematical verification: when the validator mistakes a mathematical identity for proof of authorization, the protocol's designed loan-to-value rules become an accomplice.
Hedera-based lending protocol Bonzo Lend has locked withdrawal functionality after an oracle validator accepted a proof containing zero signatures and public keys, allowing a wallet to borrow $9.05 million using 250 SAUCE tokens as collateral.

As of July 13, Bonzo Lend and Bonzo Points remain suspended, with the protocol's official status page showing Bonzo Lend and all affected asset markets under maintenance.
Liquidity providers remain unable to withdraw while Bonzo Finance Labs and Bonzo Finance Foundation determine the recovery path and reopening conditions.
Wallet A first deposited 250 SAUCE tokens, worth only a few dollars. At 00:51 UTC, it submitted a SAUCE/wHBAR price update, inflating the token's value by approximately 12 orders of magnitude, although the market price remained around 0.2 HBAR.
Eight seconds after the manipulated price reached the oracle's on-chain storage, the wallet borrowed 6.63 million USDC.
Subsequently, it borrowed another 34.5 million wrapped HBAR, bringing the principal extracted by Wallet A to approximately $9.05 million calculated at Bonzo's reference price.
How Zero Values Passed the Validator
The submitted update did not contain valid oracle signatures. Its signature fields were [0, 0], and the referenced committee public key was also the zero point, known in cryptography as the point at infinity.
Supra's validator sent these inputs to Hedera's pairing precompile contract. Since both points represented mathematical identities, the pairing equation returned true by design.
The validator then treated this result as proof of a committee signature because it did not first reject zero values, identities, and non-subgroup inputs.
Simply put, the network correctly answered the equation it received, while the validator mistook this answer for authorization.
Bonzo stated that its lending contracts subsequently executed using the prices stored by the oracle, according to its programmed loan-to-value ratio rules.
Another Wallet B borrowed approximately $1 million while the anomalous price was still valid. The wallet contacted Bonzo, identifying itself as a white hat responder, and declared its intention to return the funds.
Bonzo estimates approximately $1 million has been recovered, although the funds have not yet been returned, and the final amount remains undetermined.
Bonzo reported that Supra has fixed the validator, but the lending pools remain closed.
Remaining issues include whether regression testing confirms the validator rejects identity inputs, whether Bonzo will add price deviation checks or tighten collateral parameters, and how available assets will be handled when resuming withdrawals.
As of July 13, Bonzo's official status page continues to list the incident as unresolved. Its latest formal update released on July 11 stated that the protocol remains suspended.
Bonzo has not yet announced compensation, a reopening date, or user-facing withdrawal terms, leaving liquidity providers dependent on the upcoming recovery plan.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News












