Rhea Finance discloses the cause of the attack: a flaw in the slippage protection logic led to a loss of $18.4 million

Deep Tide TechFlow News, on April 18, according to official disclosure from RHEA Finance, on April 16, 2026, the margin trading feature of RHEA Finance, a NEAR ecosystem lending protocol (formerly known as Burrow Finance), was compromised by a hacker attack, resulting in losses of approximately $18.4 million.

The attacker began planning several days in advance by creating multiple fake token pools on Ref Finance and injecting liquidity, constructing malicious swap routes, and exploiting a vulnerability in the protocol’s slippage protection mechanism—this mechanism failed to account for the scenario where intermediate tokens are repeatedly used when calculating the minimum output for multi-step swaps—thereby causing the borrowed debt tokens to be routed into fake token pools controlled by the attacker, triggering large-scale forced liquidations, and ultimately exhausting the protocol’s reserve pools. During the attack, the attacker deleted a total of 55 intermediate accounts to cover their tracks.

Currently, the attacker has repaid approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract, and an additional 4.34 million USDT has been frozen (including 3.291 million frozen by Tether and 1.053 million frozen by NEAR Intents). The protocol contract has been suspended. The team is working with centralized exchanges on joint tracking efforts, and has notified the relevant law enforcement agencies.