TLDR:
- Attackers deployed fake token contracts and added liquidity to new pools to exploit protocol validation systems.
- The exploit likely misled Oracle mechanisms, enabling the extraction of approximately $7.6 million in funds.
- Rhea Finance paused all contracts as a precaution while working with partners and experts on investigations.
- The team contacted the attacker via on-chain messaging while reviewing transactions to track fund movements.
Rhea Finance has reported a security incident after an attacker exploited its protocol, resulting in losses of about $7.6 million.
The team has paused contracts and begun an investigation while working with partners to address the situation.
Attack Linked to Fake Tokens and Liquidity Pools
Blockchain security firm CertiK disclosed the incident through its alert channel, explaining how the exploit unfolded. According to the report, the attacker deployed fake token contracts and introduced liquidity into newly created pools.
We have seen an incident affecting @rhea_finance
The attacker created fake token contracts and added liquidity in fresh pools, likely misleading the oracle and validation layer.
In total, at least ~$7.6M was extractedhttps://t.co/qxuAFsVCOA
— CertiK Alert (@CertiKAlert) April 16, 2026
This activity appears to have interfered with the protocol’s oracle and validation mechanisms.Â
As a result, the system processed incorrect data, which allowed the attacker to extract funds. CertiK estimated the total loss at approximately $7.6 million.
The alert also referenced on-chain data linked to the attacker’s address. These transactions show how liquidity was added and later used to drain assets from the affected pools.Â
The structure of the exploit suggests a calculated approach rather than a random breach.
Moreover, the use of fresh pools likely reduced immediate detection. This gave the attacker enough time to complete multiple transactions before any defensive action could take effect.Â
The sequence of events indicates that the exploit targeted core protocol functions tied to pricing and validation.
Rhea Finance Responds and Pauses Contracts
Following the alert, Rhea Finance issued a public statement acknowledging the incident. The team confirmed awareness of the issue and stated that contracts were paused as a precautionary step.
The protocol explained that the pause aims to prevent further unauthorized activity. At the same time, the team has started a detailed investigation into the breach. Efforts are ongoing with partners, stakeholders, and external security experts.
Rhea Finance also noted that protecting user positions remains a priority. The team is working to limit any additional exposure while assessing the full scope of the incident. This includes reviewing transaction flows and identifying affected accounts.
In addition, the project confirmed that it has contacted the responsible party through an on-chain message.Â
This approach is often used in decentralized finance cases where direct communication channels are unavailable.
The protocol’s statement included links to specific transaction records. These records provide transparency around the incident and allow independent verification of the activity. Observers can track the movement of funds and the sequence of events tied to the exploit.
While the investigation continues, no further technical details have been released. The team has not yet outlined recovery steps or potential compensation measures. Updates are expected once the review process advances.
For now, the protocol remains paused as a safeguard. Users are advised to monitor official channels for verified updates.Â
The situation remains under review as more information is gathered from on-chain data and security partners.
The post Rhea Finance Hack Shakes DeFi as $7.6M Drained Through Fake Liquidity Trap appeared first on Blockonomi.
Source: https://blockonomi.com/rhea-finance-hack-shakes-defi-as-7-6m-drained-through-fake-liquidity-trap/