Rhea Finance Exploit Losses Climb to $18.4M as Attack Mechanics Come Into Focus

Rhea Finance said losses tied to its recent exploit have risen to $18.4 million following a more detailed review, up from an earlier estimate of $7.6 million. Post-incident analysis indicates the attacker relied on an engineered trading approach rather than a single basic flaw. The project said the exploit used a complex swap route to manipulate margin positions, enabling the attacker to borrow assets and route them into attacker-controlled liquidity pools while returning minimal value to the protocol. The resulting collateral deterioration across multiple positions triggered successive liquidation cycles that progressively drained protocol reserves. Rhea Finance added that borrowed tokens were moved into fake liquidity pools controlled by the attacker, distorting internal accounting and allowing undercollateralized positions to persist without immediate detection. Automated liquidations functioned as intended but were unable to stop losses from accumulating over repeated cycles, highlighting structural weaknesses in how margin trading and liquidity routing interact. Recovery efforts have produced partial results. The attacker has returned 3.36 million USDC and 1.56 million NEAR, valued at roughly $3.5 million. About 4.34 million USDT has been frozen, a move confirmed by Tether CEO Paolo Ardoino. Rhea Finance has paused affected contracts and is working with exchanges and investigators to track remaining funds. The team estimates around $5.6 million is still unaccounted for. Aurora Labs co-founder Alex Shevchenko also issued an onchain warning saying related accounts have been identified and urging the return of remaining assets. The protocol said it is preparing a compensation framework for impacted users, though details have not been disclosed. The incident adds to scrutiny of leverage-driven DeFi design as the investigation continues.