News Heat Trend
Project Overview
Rhea Finance is a decentralized, non-custodial platform that offers pool-based interest rates. It allows users to supply assets to earn interest and to borrow against them to gain access to liquidity. Rhea Finance was formed from the merger of Burrow and Ref Finance.
Rhea Finance Discloses Attack Cause: Slippage Protection Logic Flaw Leads to $18.4 Million Loss
According to an official disclosure by RHEA Finance, on April 16, 2026, the NEAR ecosystem lending protocol RHEA Finance (formerly Burrow Finance) suffered a hack targeting its margin trading functionality, resulting in losses of approximately $18.4 million. The attacker began preparations several days prior to the incident by creating multiple fake token pools on Ref Finance and injecting liquidity into them, thereby constructing malicious swap routes. Exploiting a vulnerability in the protocol’s slippage protection mechanism—which failed to account for scenarios where intermediate tokens were reused during multi-step swaps—the attacker caused borrowed debt tokens to be routed into fake token pools under their control. This triggered widespread forced liquidations, ultimately draining the protocol’s reserve pool. During the attack, the attacker deleted a total of 55 intermediary accounts to obscure their trail. As of now, the attacker has repaid approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract. Additionally, 4.34 million USDT have been frozen—3.291 million frozen by Tether and 1.053 million frozen by NEAR Intents. The protocol’s smart contracts have been paused, and the team is collaborating with centralized exchanges to jointly trace the funds; relevant law enforcement agencies have also been notified.
Rhea Finance Attack Review: Losses Expand to $18.4 Million, Partial Funds Recovered
Odaily News Rhea Finance has released a post-mortem report on the attack, confirming that the actual loss from the vulnerability is approximately $18.4 million, a significant increase from the initial estimate of around $7.6 million.The attacker constructed complex transaction paths, manipulated liquidity using fake token pools, funneled borrowed assets into pools under their control, and returned only minimal assets. This caused a large number of margin positions to rapidly become undercollateralized and triggered liquidations, ultimately depleting the protocol's reserve funds.Approximately $11.2 million in funds have been recovered or frozen so far. This includes some USDC and NEAR assets returned by the attacker, as well as about $4.34 million in USDT that was frozen (with assistance from Tether).
Tether Has Frozen 3.29 Million USDT in the Rhea Finance Hacker’s Address
Paolo Ardoino, CEO of Tether, tweeted that Tether has frozen 3.29 million USDT in the hacker’s address associated with Rhea Finance. Earlier reports indicated that Rhea Finance was attacked via a fake token contract, resulting in approximately $7.6 million stolen.
CertiK: Rhea Finance Hacked, ~$7.6M Lost
According to security firm CertiK (@CertiKAlert), the DeFi protocol Rhea Finance has been attacked. The attacker created a fake token contract and injected liquidity into a new liquidity pool, apparently aiming to mislead oracles and the verification layer, ultimately withdrawing approximately $7.6 million in assets.
Related news
Rhea Finance Discloses Attack Cause: Slippage Protection Logic Flaw Leads to $18.4 Million Loss
According to an official disclosure by RHEA Finance, on April 16, 2026, the NEAR ecosystem lending protocol RHEA Finance (formerly Burrow Finance) suffered a hack targeting its margin trading functionality, resulting in losses of approximately $18.4 million. The attacker began preparations several days prior to the incident by creating multiple fake token pools on Ref Finance and injecting liquidity into them, thereby constructing malicious swap routes. Exploiting a vulnerability in the protocol’s slippage protection mechanism—which failed to account for scenarios where intermediate tokens were reused during multi-step swaps—the attacker caused borrowed debt tokens to be routed into fake token pools under their control. This triggered widespread forced liquidations, ultimately draining the protocol’s reserve pool. During the attack, the attacker deleted a total of 55 intermediary accounts to obscure their trail. As of now, the attacker has repaid approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract. Additionally, 4.34 million USDT have been frozen—3.291 million frozen by Tether and 1.053 million frozen by NEAR Intents. The protocol’s smart contracts have been paused, and the team is collaborating with centralized exchanges to jointly trace the funds; relevant law enforcement agencies have also been notified.
Rhea Finance Attack Review: Losses Expand to $18.4 Million, Partial Funds Recovered
Odaily News Rhea Finance has released a post-mortem report on the attack, confirming that the actual loss from the vulnerability is approximately $18.4 million, a significant increase from the initial estimate of around $7.6 million.The attacker constructed complex transaction paths, manipulated liquidity using fake token pools, funneled borrowed assets into pools under their control, and returned only minimal assets. This caused a large number of margin positions to rapidly become undercollateralized and triggered liquidations, ultimately depleting the protocol's reserve funds.Approximately $11.2 million in funds have been recovered or frozen so far. This includes some USDC and NEAR assets returned by the attacker, as well as about $4.34 million in USDT that was frozen (with assistance from Tether).
Tether Has Frozen 3.29 Million USDT in the Rhea Finance Hacker’s Address
Paolo Ardoino, CEO of Tether, tweeted that Tether has frozen 3.29 million USDT in the hacker’s address associated with Rhea Finance. Earlier reports indicated that Rhea Finance was attacked via a fake token contract, resulting in approximately $7.6 million stolen.
CertiK: Rhea Finance Hacked, ~$7.6M Lost
According to security firm CertiK (@CertiKAlert), the DeFi protocol Rhea Finance has been attacked. The attacker created a fake token contract and injected liquidity into a new liquidity pool, apparently aiming to mislead oracles and the verification layer, ultimately withdrawing approximately $7.6 million in assets.