What happened to Rhea Finance on NEAR Protocol?

Rhea Finance suffered a $7.6 million exploit involving oracle manipulation and fake token contracts. The attack drained multiple assets and forced the protocol to pause withdrawals. The incident has raised concerns across the NEAR DeFi ecosystem.

How did the Rhea Finance exploit work?

The attacker created fake token contracts and added liquidity to new pools. This distorted price feeds used by the protocol’s oracle. As a result, the system validated fraudulent transactions and allowed funds to be drained.

What assets were stolen in the exploit?

The stolen assets included USDC, USDT, Zcash (ZEC), and NEAR tokens. These were extracted through manipulated transactions. The mix of assets suggests the attacker targeted multiple liquidity pools.

What is oracle manipulation in DeFi?

Oracle manipulation involves feeding incorrect price data into a protocol. Attackers exploit weak or low-liquidity price sources to distort values. This can trick smart contracts into executing invalid trades or withdrawals.

Why is this exploit significant for NEAR Protocol?

Rhea Finance was a dominant DeFi platform on NEAR, accounting for over 95% of total value locked. A breach at this scale impacts the entire ecosystem. It raises concerns about security and trust on the network.

What actions has Rhea Finance taken after the attack?

The team has paused withdrawals to prevent further losses. Investigations are ongoing to identify the attack vector and secure the protocol. Further updates are expected as the situation develops.

What are the risks for users affected by the exploit?

Users may face losses depending on how funds are recovered. Access to assets is currently restricted due to paused withdrawals. The final outcome depends on recovery efforts and protocol response.

How common are oracle exploits in DeFi?

Oracle manipulation is a recurring vulnerability in DeFi. It often occurs in protocols with low liquidity or weak price validation systems. Many past exploits have followed similar patterns.

Rhea Finance hit by $7.6M oracle exploit

Written by Liezl GambePublished Apr. 17 2026Last Updated Apr. 17 2026

Rhea Finance, a major DeFi hub on the NEAR Protocol, has suffered a $7.6 million exploit involving oracle manipulation and fake token contracts.

The attack drained assets including USD Coin, Tether USDt, Zcash and NEAR, with withdrawals now paused as the team investigates.

“The attacker created fake token contracts and added liquidity in fresh pools, likely misleading the oracle and validation layer,”

Said blockchain security firm CertiK.

The exploit involved creating new liquidity pools to distort price feeds, allowing the attacker to manipulate the protocol’s oracle system and execute fraudulent transactions.

Rhea Finance, formed from the merger of Ref Finance and Burrow Finance, previously accounted for over 95% of NEAR’s DeFi total value locked, amplifying the impact of the breach. Following the announcement the NEAR ecosystem sentiment was unchanged at $XX.

The incident highlights ongoing vulnerabilities in DeFi infrastructure, particularly around oracle design and liquidity depth.

The full extent of losses and potential recovery efforts remain unclear as the investigation continues.

At the time of reporting, Zcash price was $334.57.