$18.4M Exploit Hits Rhea Finance's DeFi Protocol Amid Fake Token Manipulation

Severity: High (Score: 66.0)

Sources: Mexc, Panewslab, Bitget, Theblock.Co

Summary

Rhea Finance experienced a significant exploit on April 16, 2026, resulting in losses estimated at $18.4 million, more than double initial estimates of $7.6 million. The attack targeted the protocol's margin trading feature, where the attacker utilized a deliberately constructed swap route to create fake token pools. This manipulation allowed the attacker to funnel borrowed debt tokens into these pools, leading to undercollateralized positions and subsequent liquidations. The Rhea Lend smart contract was directly affected, while the Rhea DEX contract remained secure but was paused as a precaution. Recovery efforts are ongoing, with some funds already returned or frozen, including approximately $3.5 million in USDC and NEAR. The protocol is working with exchanges and law enforcement to trace the remaining stolen assets. A full incident analysis report is expected to be released soon. Key Points: • Rhea Finance lost approximately $18.4 million due to a sophisticated exploit. • Attackers manipulated liquidity pools using fake token contracts to trigger liquidations. • Ongoing recovery efforts have led to some funds being returned or frozen.

Key Entities

• Data Breach (attack_type)
• Rhea Finance (company)
• RheaFinance (company)
• Ethereum (company)
• NEAR (platform)