Rhea Finance disclosed the reason for the attack, a flaw in the slippage protection logic led to a loss of 18.4 million dollars

According to RHEA Finance's official disclosure, the NEAR ecosystem lending protocol RHEA Finance (formerly known as Burrow Finance) experienced a margin trading feature hack, resulting in a loss of approximately $18.4 million.

The attacker began laying the groundwork several days prior by creating multiple fake token pools on Ref Finance and injecting liquidity, constructing a malicious exchange route that exploited a vulnerability in the protocol's slippage protection mechanism—this mechanism did not account for the scenario where intermediate tokens were reused when calculating the minimum output of multi-step exchanges—leading to the borrowed debt tokens being directed into fake token pools controlled by the attacker, triggering a large-scale forced liquidation that ultimately drained the protocol's reserve pool. During the attack, the attacker deleted a total of 55 intermediate accounts to cover their tracks. Currently, the attacker has returned approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract, while another 4.34 million USDT has been frozen (of which Tether froze 3.291 million and NEAR Intents froze 1.053 million). The protocol contract has been suspended, and the team is collaborating with centralized exchanges for joint tracking and has notified relevant law enforcement agencies.