Key Insights:
- Rhea Finance suffers $18.4M crypto hack via margin trading flaw.
- The attacker used fake pools and swap routes to drain reserves.
- The incident raises fresh concerns about DeFi slippage protection.
Rhea Finance, a lending protocol in the NEAR ecosystem, was recently targeted in a crypto hack. It resulted in approximately $18.4 million in financial losses. This hack occurred due to some vulnerabilities discovered in the margin trading function of the platform.
Rhea Finance Loses $18.4M in Crypto Hack Attack
In light of a series of crypto hacks reported in the DeFi world, yet another incident has been discovered. The latest victim on the list is the DeFi platform Rhea Finance, part of the NEAR Protocol. Hackers reportedly attacked Rhea Finance via vulnerabilities in the slippage protection feature, draining all liquidity from the main pool.
Consequently, hackers have left behind considerable damage to the protocol’s funds. Following the recent attack, Rhea Finance management stated that they are now willing to use their available resources to recover the losses for affected users.
According to the latest confirmation from Rhea Finance, the crypto hack drained around $18.4 million from its lending protocol. This is significantly higher than the earlier estimates of around $7.6 million.
This crypto hack comes on the heels of the Drift Protocol breach, which resulted in a $280 million loss. The attackers used fake identities and malware links to defraud investors.
Post-Mortem Reveals How $18.4M Exploit Unfolded
Soon after the crypto hack, Rhea Finance released a post-mortem report explaining that the attacker used a carefully designed swap path to manipulate the system. This helped them open a large number of margin trading positions.
As noted by Rhea Finance, it was not a random crypto hack. But it was a structured, planned one that took advantage of how the protocol handles trades.
According to the report, the attacker redirected borrowed debt tokens into fake token pools they controlled. In return, only a very small number of position tokens was returned to the protocol. This imbalance left many positions undercollateralized, triggering liquidations across the system.
The report read – “Borrowed debt tokens were funneled into the attacker’s fake token pools, while only a negligible amount of position tokens were returned to the protocol.
The report added that the positions were then left undercollateralized. This triggered liquidations that “resulted in the depletion of the protocol’s reserve pool.”
These forced liquidations drained the protocol’s reserve pool, leading to real financial losses for both the protocol and its users. The team confirmed that the exploit directly impacted reserves and resulted in “realized losses” within the system.
How This Crypto Hack Exposes DeFi Security Concerns?
It is important to note that the crypto hack at Rhea Finance had a significant impact on users and the DeFi industry as a whole. Liquidity providers in the affected pools are currently experiencing financial losses directly from this issue. In addition, the protocol’s native token, RHEA, has lost value following the hack.
The current case has also increased awareness regarding the issues with DeFi protocols that have unique elements, such as slippage protection. Currently, the security and auditing teams are analyzing similar cases and mechanisms used by other protocols to avoid any future exploits.