Rhea Finance hack: $7.6M stolen via fake token pools and oracle manipulation

Published: 2026-04-17 10:48:36 |

Rhea Finance confirmed a major security breach after a CertiK alert tied the exploit to oracle manipulation in its DeFi margin trading system on NEAR and Ethereum. CertiK said attackers deployed counterfeit token contracts and added liquidity to freshly created pools to mislead Rhea’s validation layer, enabling incorrect token valuation and large borrowing. The incident mainly hit Rhea Lend (the lending/borrowing smart contracts). Rhea DEX and the rNEAR staking pool were not affected. To contain damage, Rhea paused the compromised contract side and temporarily shut potentially vulnerable features. Rhea Finance stated about $7.6M was stolen and published two main tracking addresses—one on ETH and one on NEAR—while law enforcement and forensic partners joined the investigation. NEAR Intents also paused related user activity as a precaution, but said no user balances on its platform were lost. For traders, the Rhea Finance hack reinforces that oracle-driven margin/lending markets can remain exploitable even after audits, increasing near-term risk aversion toward DeFi protocols with similar oracle and liquidity-routing designs.

Neutral

This news is likely neutral for the price of the directly mentioned cryptocurrencies (ETH and NEAR). The exploit targeted Rhea Finance’s lending contract logic, and the latest updates indicate no user balances were reported stolen on NEAR’s side, with Rhea pausing the affected components. While the broader DeFi sentiment can turn risk-off (bearish for sector appetite), there is no clear evidence of systemic contagion to ETH or NEAR itself. Short-term: traders may avoid similar DeFi margin/lending setups, but ETH/NEAR spot impact should remain limited without broader chain-level disruptions. Long-term: market effects depend on whether additional protocols with comparable oracle/validation patterns are found vulnerable. If no further incidents emerge and containment is credible, the initial fear may fade quickly; repeated exploits would shift sentiment more negatively.