RHEA Finance Pinpoints Hack Root Cause: Slippage Safeguard Bug Led to $18.4M Loss

RHEA Finance said its NEAR-based lending protocol, formerly known as Burrow Finance, suffered a cyberattack on April 16, 2026 that compromised its margin trading module and caused losses of about $18.4 million. The team said the attacker prepared days in advance by creating multiple fake token pools on Ref Finance and seeding them with liquidity to build malicious swap routes. The exploit targeted a flaw in the protocol's slippage protection, which did not properly handle multihop swaps where intermediate tokens were reused. By routing borrowed debt tokens through these malicious pools, the attacker triggered widespread liquidations and drained the protocol's reserve pool. RHEA Finance added that 55 intermediate accounts were deleted during the incident in an apparent attempt to hinder tracing. So far, the attacker has returned roughly 3.359 million USDC and 1.564 million NEAR to RHEA's lending contract. Another 4.34 million USDT has been frozen, including 3.291 million by Tether and 1.053 million by NEAR Intents. RHEA Finance has suspended its smart contracts. The team said it is working with centralized exchanges to track the funds and has notified relevant law enforcement agencies.