Rhea Finance misplaced $7.6M in a margin buying and selling exploit. Attackers used faux token swimming pools to control oracles. Right here’s what occurred.
Rhea Finance suffered a serious safety breach this week. Attackers drained not less than $7.6 million from the protocol.
The incident focused the platform’s margin buying and selling function. Blockchain safety agency CertiK flagged the assault in a public alert. Restoration efforts at the moment are underway.
Associated studying:
Russia’s Grinex Hit by $13M Crypto Hack, Buying and selling Suspended
How the Rhea Finance Assault Unfolded
In response to CertiK, the attacker created faux token contracts. They then added liquidity to freshly created swimming pools. This doubtless misled Rhea’s oracle and validation layer.
The manipulation gave the attacker leverage to siphon funds from the protocol.
We now have seen an incident affecting @rhea_finance
The attacker created faux token contracts and added liquidity in contemporary swimming pools, doubtless deceptive the oracle and validation layer.
In complete, not less than ~$7.6M was extractedhttps://t.co/qxuAFsVCOA
— CertiK Alert (@CertiKAlert) April 16, 2026
Rhea Finance confirmed the exploit on its official channels. Moreover, the staff recognized a vulnerability in its Margin Buying and selling function.
Attackers used this weak point to execute a coordinated pool manipulation assault. The Rhea Lend sensible contract took the direct hit.
Notably, the Rhea DEX contract was not affected. Furthermore, the staff clarified that rNEAR additionally remained untouched. Each contracts are at present paused as a protecting measure.
The pause particularly targets safeguarding the Rhea Lend aspect of the protocol.
Funds Being Tracked Throughout ETH and NEAR
Rhea Finance shared two addresses linked to the attacker.
One sits on the Ethereum community, the opposite on NEAR. The staff printed each addresses publicly to assist monitoring efforts. Therefore, this transfer alerts energetic coordination with the broader crypto safety group.
Funds are actively being recovered and the staff is in communication with the concerned get together relating to the return of the remaining funds.
The addresses at present being tracked embrace:
• ETH: https://t.co/Bdww6YP54a• NEAR: https://t.co/3jLK1KU30U
— Rhea Finance (@rhea_finance) April 17, 2026
The Rhea staff additionally reached out to the attacker via an on-chain transaction. Negotiations round returning the remaining funds are ongoing.
A number one safety staff now helps forensic investigation and fund monitoring. In addition to, regulation enforcement has additionally been notified.
NEAR Intents responded swiftly to the scenario. Exercise on NEAR Intents and close to.com was quickly paused.
The pause got here as a precaution whereas the staff assessed linked transactions. Moreover, NEAR Intents confirmed no consumer funds on its platform had been misplaced or stolen.
What Comes Subsequent for Rhea Finance Customers
Rhea Finance stated defending consumer positions stays its high precedence. Furthermore, the staff has been working continuous since figuring out the incident roughly ten hours after it occurred.
A number of companions, stakeholders, and safety consultants at the moment are concerned within the response.
A full incident report is anticipated to observe the continued investigation.
In addition to, the staff will present updates as new particulars emerge. Customers are suggested to watch official Rhea Finance channels for additional bulletins.