TechFlow News: On April 18, RHEA Finance officially disclosed that on April 16, 2026, its margin trading feature—part of the NEAR ecosystem lending protocol RHEA Finance (formerly Burrow Finance)—was hacked, resulting in losses of approximately $18.4 million.
The attacker began preparations several days prior to the incident by creating multiple fake token pools on Ref Finance and injecting liquidity into them, thereby constructing a malicious swap route. Exploiting a vulnerability in the protocol’s slippage protection mechanism—which fails to account for scenarios where intermediate tokens are reused when calculating the minimum output for multi-step swaps—the attacker caused borrowed debt tokens to be routed into fake token pools under their control. This triggered mass forced liquidations, ultimately draining the protocol’s reserve pool. During the attack, the attacker deleted a total of 55 intermediary accounts to obscure their trail.
As of now, the attacker has repaid approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract. Additionally, 4.34 million USDT have been frozen (3.291 million frozen by Tether and 1.053 million frozen by NEAR Intents). The protocol’s smart contracts have been paused, and the team is collaborating with centralized exchanges to jointly trace the funds and has notified relevant law enforcement agencies.
