$7.6M DeFi Exploit Rocks Rhea Finance as Hackers Manipulate Swimming pools in Hours

Key Takeaways:

Rhea Finance is the sufferer of a ~ $7.6M exploit of its margin buying and selling system. Faux tokens and liquidity swimming pools have been used to govern costs and drain funds by attackers. Contracts stopped, restoration additionally in progress and police additionally concerned. 

One other new exploit within the DeFi ecosystem has come out, and Rhea Finance has verified a strategic assault on its lending infrastructure. The accident has taken place inside a brief time frame compelling the staff to halt the most important contracts and begin the restoration course of.

Exploit Targets Margin Buying and selling and Lending Contracts

Rhea Finance mentioned the attacker exploited a vulnerability in its margin buying and selling characteristic. This allowed a coordinated manipulation of liquidity swimming pools tied to the lending system.

The Rhea staff want to present an replace concerning the current exploit.

Since figuring out the state of affairs roughly 10 hours in the past, now we have been targeted on safeguarding customers and coordinating restoration efforts throughout all fronts.

— Rhea Finance (@rhea_finance) April 17, 2026

The affected element was the Rhea Lend sensible contract. The decentralized change (DEX) contract was not impacted, however each techniques have been paused as a precaution.

Blockchain safety agency CertiK estimated losses at round $7.6 million. It was alleged that the attacker had generated pretend token contracts and pumped up the brand new swimming pools. This most likely corrupted oracle pricing, and skipped validation.

The attacker may additionally get hold of funds by exploiting these inputs earlier than abnormalities grew to become noticeable by the system.

Learn Extra: Resolv Burns 46M USR After $80M Exploit, Wipes Out Illicit Provide in Main Restoration Push

Instant Response and Fund Restoration Efforts

Rhea appeared hastening alongside when he noticed the trick. Inside hours, the staff halted impacted contracts and began monitoring pockets addresses of the attacker each inside Ethereum and NEAR.

What the Staff Is Doing Now

The protocol proved the presence of numerous energetic steps:

Going forward to barter with the attacker to have left funds returned Outsourcing the providers of a safety company to conduct forensic investigation and conduct title monitoring Notifying the legislation enforcement with the intention to support investigation and restoration 

The staff additionally highlighted that no rNEAR was impacted and it’s nonetheless in operation. This assisted in curbing the unfold of influence to the customers within the ecosystem. In accordance with Rhea, the precedence is on defending the customers. A complete autopsy report ought to be anticipated after the state of affairs is put comfy.

Rising Sample of DeFi Exploits

The case is part of a rising record of assaults on DeFi protocols in current weeks. The exploits have gotten increasingly more centered on subtle techniques resembling oracles, liquidity swimming pools and margin techniques.