Rhea Finance, a decentralized margin trading protocol built on NEAR and Ethereum, reported a significant security breach this week, with attackers exploiting a vulnerability to drain $7.6 million from its platform. The incident has raised concerns around the safety of DeFi protocols that rely on oracles for price feeds.
Attack exploited oracles and margin trading
The exploit targeted Rhea Finance’s margin trading feature by taking advantage of a flaw in its oracle system. According to CertiK, a leading blockchain security firm that initially flagged the incident, the attacker created counterfeit token contracts and supplied liquidity for them in newly established pools.
This manipulation fooled Rhea’s validation layer into accepting misrepresented token values, which allowed the exploiters to borrow significant funds.
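A defensive check against the pattern described above, as an added example that is not Rhea Finance's code: a lending protocol refuses to price collateral from a pool unless the token's contract ID is allowlisted and the pool is old and deep enough. All contract IDs, thresholds and field names are hypothetical, and the sample pools are constructed.

```python
from dataclasses import dataclass

# Hypothetical policy values and constructed contract IDs (assumptions, not Rhea's).
ALLOWED_TOKENS = {"wrap.near.example", "usdc.token.example"}
MIN_POOL_AGE_SECS = 7 * 24 * 3600   # pool must have existed for a week
MIN_RESERVE_USD = 1_000_000         # minimum depth on the quote side

@dataclass(frozen=True)
class PoolSnapshot:
    token_contract: str       # on-chain contract ID, never the display symbol
    symbol: str               # attacker-chosen for a counterfeit, so not trusted
    created_at: int           # unix seconds
    quote_reserve_usd: float
    spot_price_usd: float

def validate_price_source(pool: PoolSnapshot, now: int) -> list[str]:
    """Return every reason this pool must not be used to price collateral."""
    reasons = []
    if pool.token_contract not in ALLOWED_TOKENS:
        reasons.append("token contract not on allowlist")
    if now - pool.created_at < MIN_POOL_AGE_SECS:
        reasons.append("pool too new")
    if pool.quote_reserve_usd < MIN_RESERVE_USD:
        reasons.append("pool liquidity too thin")
    return reasons

def collateral_value_usd(pool: PoolSnapshot, amount: float, now: int) -> float:
    """Value collateral, failing closed when the price source is untrusted."""
    reasons = validate_price_source(pool, now)
    if reasons:
        raise ValueError("; ".join(reasons))
    return amount * pool.spot_price_usd

NOW = 1_700_000_000  # constructed timestamp
GENUINE = PoolSnapshot("usdc.token.example", "USDC",
                       NOW - 90 * 24 * 3600, 5_000_000, 1.0)
# Same symbol and ample injected liquidity, but a different contract in a
# ten-minute-old pool: depth alone does not stop it, identity and age do.
LOOKALIKE = PoolSnapshot("usdc.fake.example", "USDC",
                         NOW - 600, 2_000_000, 1.0)

if __name__ == "__main__":
    print(validate_price_source(GENUINE, NOW))
    print(validate_price_source(LOOKALIKE, NOW))
```

Because liquidity can be supplied by whoever creates the pool, the depth check is only a supporting signal; the contract-ID allowlist and the pool-age requirement are what reject the lookalike here.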
The primary contract hit was Rhea Lend, which handles the lending function of the platform. In contrast, the Rhea DEX contract and rNEAR staking pool were not affected. Both smart contracts are now paused as a precaution, and ongoing assessments are being carried out to evaluate risks to other facets of the protocol.
Rhea Finance has since confirmed the breach on its official channels and emphasized that all potentially vulnerable features have been temporarily suspended while further investigations are completed. The development team stated their immediate priority is to safeguard user funds and positions in the aftermath of the incident.
Stolen funds tracked across ETH and NEAR
The attackers moved the stolen assets through two main addresses, one each on the Ethereum and NEAR blockchains. These addresses have now been publicly listed by Rhea Finance to enlist help from the broader cybersecurity and blockchain communities for tracking and recovery.
In their update, the team indicated that discussions with the exploiters are ongoing regarding the possible return of funds. Law enforcement authorities have also been contacted, and established forensic partners are currently aiding with the investigation.
Additionally, NEAR Intents, an automation infrastructure built on NEAR, paused user activity as a safety measure but clarified that no user balances on their own platform were impacted in this incident.
Community response and next steps
Rhea Finance’s developers have reiterated their commitment to keeping the community informed with regular updates through their official channels. Continuous coordination is underway, involving stakeholders, security experts, and law enforcement, with the goal of full incident transparency and recovery of stolen assets.
A detailed post-incident report is set to be released once the investigation concludes. Users are encouraged to monitor official Rhea Finance communication channels for timely updates and security bulletins.
Founded as an open-source DeFi platform, Rhea Finance enables decentralized leveraged trading and lending services for users of the NEAR and Ethereum ecosystems. It has aimed to provide secure, non-custodial access to advanced financial products, but the latest attack spotlights challenges facing even established protocols in the fast-evolving DeFi landscape.




