News linked to both this project and an event.
According to an official disclosure by RHEA Finance, on April 16, 2026, the NEAR ecosystem lending protocol RHEA Finance (formerly Burrow Finance) suffered a hack targeting its margin trading functionality, resulting in losses of approximately $18.4 million. The attacker began preparations several days prior to the incident by creating multiple fake token pools on Ref Finance and injecting liquidity into them, thereby constructing malicious swap routes. Exploiting a vulnerability in the protocol’s slippage protection mechanism—which failed to account for scenarios where intermediate tokens were reused during multi-step swaps—the attacker caused borrowed debt tokens to be routed into fake token pools under their control. This triggered widespread forced liquidations, ultimately draining the protocol’s reserve pool. During the attack, the attacker deleted a total of 55 intermediary accounts to obscure their trail. As of now, the attacker has repaid approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract. Additionally, 4.34 million USDT have been frozen—3.291 million frozen by Tether and 1.053 million frozen by NEAR Intents. The protocol’s smart contracts have been paused, and the team is collaborating with centralized exchanges to jointly trace the funds; relevant law enforcement agencies have also been notified.
Odaily News Rhea Finance has released a post-mortem report on the attack, confirming that the actual loss from the vulnerability is approximately $18.4 million, a significant increase from the initial estimate of around $7.6 million.The attacker constructed complex transaction paths, manipulated liquidity using fake token pools, funneled borrowed assets into pools under their control, and returned only minimal assets. This caused a large number of margin positions to rapidly become undercollateralized and triggered liquidations, ultimately depleting the protocol's reserve funds.Approximately $11.2 million in funds have been recovered or frozen so far. This includes some USDC and NEAR assets returned by the attacker, as well as about $4.34 million in USDT that was frozen (with assistance from Tether).