Rhea Finance Says Slippage Safeguard Bug Behind Hack That Cost $18.4M

ChainCatcher report: RHEA Finance said its margin trading feature was exploited in an attack that drained about $18.4 million from the protocol. RHEA Finance, formerly Burrow Finance, is a lending protocol in the NEAR ecosystem. According to the team's disclosure, the attacker spent several days preparing by creating multiple fake token pools on Ref Finance and seeding them with liquidity to build malicious swap routes. The exploit targeted a flaw in the protocol's slippage protection, which did not account for intermediate tokens being reused across multi-step swaps. By routing borrowed debt tokens into the fake pools, the attacker triggered widespread liquidations and depleted the protocol's reserve pool. RHEA Finance said the attacker deleted 55 intermediary accounts during the incident to hinder tracing. So far, the attacker has returned roughly 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract. In addition, 4.34 million USDT has been frozen, including 3.291 million by Tether and 1.053 million by NEAR Intents. The protocol's smart contracts have been paused. The team said it is working with centralized exchanges to track the attacker and has notified relevant law enforcement agencies.