Author:CryptoSlate
Translation:Deep Tide TechFlow
Deep Tide Insights: A collateral worth a few dollars in an altcoin successfully borrowed $9.05 million through a zero-signature vulnerability in the oracle verifier. This incident exposes an overlooked blind spot in mathematical validation within DeFi infrastructure: when verifiers mistake a mathematical identity for an authorization proof, the protocol's designed loan-to-value ratio rules inadvertently become an accomplice.
The lending protocol Bonzo Lend, based on Hedera, has locked withdrawal functionality after an oracle verifier accepted a proof containing a zero signature and public key, allowing a wallet to borrow $9.05 million using 250 SAUCE tokens as collateral.

As of July 13, Bonzo Lend and Bonzo Points remain paused. The protocol's official status page indicates that Bonzo Lend and all affected asset markets are under maintenance.
Liquidity providers remain unable to withdraw funds while Bonzo Finance Labs and Bonzo Finance Foundation determine a recovery path and conditions for reopening.
Wallet A initially deposited 250 SAUCE tokens, valued at just a few dollars. At 00:51 UTC, it submitted a SAUCE/wHBAR price update, inflating the token's value by approximately 12 orders of magnitude, despite the market price remaining around 0.2 HBAR.
Eight seconds after the manipulated price reached the oracle's on-chain storage, the wallet borrowed 6.63 million USDC.
It then proceeded to borrow 34.5 million wrapped HBAR, bringing the total principal extracted by Wallet A to approximately $9.05 million according to Bonzo's reference price.
How Zero Values Passed the Verifier
The submitted update did not contain a valid oracle signature. Its signature field was [0,0], and the referenced committee public key was also the point at zero, known in cryptography as the point at infinity.
Supra's verifier sent these inputs to Hedera's pairing precompile contract. Since both points represent the mathematical identity, the pairing equation, by design, returned true.
The verifier then misinterpreted this result as proof of a committee signature because it did not first reject zero-value, identity, and non-subgroup inputs.
In simpler terms, the network correctly solved the equation it received, and the verifier mistook that answer for authorization.
Bonzo stated that its lending contract then executed according to its programmed loan-to-value ratio rules, using the price stored by the oracle.
Another wallet, Wallet B, borrowed approximately $1 million while the anomalous price was still active. This wallet contacted Bonzo, identifying itself as a white-hat responder and stating its intention to return the funds.
Bonzo reports that approximately $1 million has been recovered, although the funds have not yet been returned, and the final amount remains undetermined.
Bonzo reported that Supra has fixed the verifier, but the lending pools remain closed.
Remaining questions include whether regression testing confirms the verifier rejects identity inputs, whether Bonzo will add price deviation checks or tighten collateral parameters, and how available assets will be handled when withdrawals resume.
As of July 13, Bonzo's official status page continues to list the incident as unresolved. Its latest formal update, dated July 11, stated the protocol remains paused.
Bonzo has not yet announced compensation, a reopening date, or withdrawal terms for users, leaving liquidity providers dependent on the forthcoming recovery plan.





