Back

Rhea Finance Loses $7.6 Million in Fake Token Contract Attack

Severity: High (Score: 66.0)

Sources: Panewslab

Summary

On April 16, 2026, Rhea Finance, a DeFi protocol in the NEAR ecosystem, suffered a security incident where attackers created multiple fake token contracts. These contracts misled the protocol's oracle and validation layer, enabling the theft of approximately $7.6 million from liquidity pools. Following the attack, Rhea Finance suspended its affected Rhea Lend smart contract while the Rhea DEX contract remained unaffected. As of April 17, the company is focused on protecting users and recovering funds, having engaged a security team for a forensic investigation. They are also coordinating with law enforcement and plan to release a full incident analysis report later. The attack exploited a vulnerability in Rhea's leveraged trading feature, leading to a coordinated pool manipulation attack. Key Points: • Rhea Finance lost approximately $7.6 million due to fake token contracts. • The attack exploited a vulnerability in Rhea's leveraged trading feature. • Rhea Finance is currently investigating the incident and working on fund recovery.

Key Entities

  • Data Breach (attack_type)
  • Rhea Finance (company)
  • RheaFinance (company)
  • NEAR (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed