Rhea Finance Hit by DeFi Exploit, Losses Estimated at $18.4M

Rhea Finance, a lending protocol in the NEAR ecosystem, has reported an estimated $18.4 million loss following an exploit tied to a flaw in its margin trading functionality. The attacker is believed to have abused the protocol's slippage protection mechanism by crafting fake liquidity pools and engineered swap routes. This setup enabled the opening of numerous margin positions and ultimately drained liquidity from the protocol's main pool. Rhea Finance said the latest figure is materially above earlier estimates of about $7.6 million. In a postmortem, the team said borrowed debt tokens were routed into attacker-controlled pools, while the protocol received only a negligible amount of position tokens in return. The resulting imbalance left many positions undercollateralized, triggering liquidations across the system. Rhea Finance said these forced liquidations depleted the reserve pool and produced "realized losses" affecting both the protocol and users. Rhea Finance said it is assessing available resources to pursue recovery for impacted users. The incident has renewed scrutiny of DeFi safeguards such as slippage protection, with security and audit teams reviewing similar mechanisms across other protocols. Liquidity providers in affected pools have taken losses, and the protocol's native token, RHEA, has declined following the exploit. The exploit follows other high-profile DeFi incidents, including a reported breach at Drift Protocol that was linked to $280 million in losses.