NEAR Protocol’s largest Decentralized Finance (DeFi) hub, Rhea Finance, suffered a $7.6 million exploit after an attacker manipulated its oracle and validation layer.
Blockchain safety agency CertiK flagged the incident, confirming that property have been drained throughout a number of tokens.
How the Rhea Finance Exploit Unfolded
The attacker deployed faux token contracts and created recent liquidity swimming pools on the protocol. These swimming pools possible distorted worth feeds, deceptive the oracle into validating fraudulent transactions.
Based on CertiK, a minimum of $7.6 million was extracted from Rhea Finance. Stolen funds included USDC, USDT, Zcash (ZEC), and NEAR (NEAR).
Vadim Zacodil, an ex-NEAR core contributor, confirmed the figures and warned customers to observe the scenario carefully.
Withdrawals are presently halted because the crew works to comprise additional injury.
“The attacker created faux token contracts and added liquidity in recent swimming pools, possible deceptive the oracle and validation layer,” CertiK famous.
Why This Issues for NEAR DeFi
Rhea Finance holds a dominant place within the NEAR ecosystem. Fashioned in early 2025 by means of the merger of Ref Finance and Burrow Finance, it serves as the first DEX and lending layer on the community.
The protocol beforehand held over 95% of NEAR’s DeFi complete worth locked, making this exploit vital for all the chain’s DeFi infrastructure.
Oracle manipulation stays one of the persistent vulnerabilities in DeFi, with attackers repeatedly exploiting untested worth feeds and skinny liquidity.
The approaching days will reveal the total scope of losses and whether or not Rhea Finance can safe affected person funds.
The put up NEAR Protocol DeFi Hub Rhea Finance Loses $7.6 Million in Oracle Exploit appeared first on BeInCrypto.