Rhea Finance revises exploit losses to $18.4M, confirms slippage flaw as funds partially recovered

Rhea Finance has revised the impact of its recent exploit, raising estimated losses from $7.6 million to approximately $18.4 million following a detailed internal investigation. The update, released on 17 April, also confirms the attack's root cause and outlines early recovery efforts. This marks a shift from initial detection to post-incident analysis and remediation. Slippage flaw identified as root cause According to Rhea Finance, the exploit targeted its margin trading feature, exploiting a weakness in the protocol's slippage protection mechanism to drain funds from the reserve pool. Preliminary findings indicate that the system aggregated expected output values across multiple swap steps. It did this without accounting for cases in which tokens were reused across transactions.  This allowed the attacker to construct a series of swaps that bypassed the intended protection, diverting borrowed assets into attacker-controlled liquidity pools. The exploit was executed through a coordinated setup involving fake token contracts and manipulated liquidity pools. The move enabled the attacker to distort pricing and trigger a cascade of forced liquidations.  These liquidations ultimately depleted a significant portion of the protocol's reserves. Funds partially recovered as investigations continue Rhea Finance said a portion of the exploited funds has already been recovered or frozen. The attacker has returned approximately $3.3 million in USDC and 1.56 million NEAR to the protocol's lending contract. In addition, around $4.34 million in USDT has been frozen, including funds blocked by Tether, as part of coordinated efforts to limit further movement of assets. The team has also initiated formal tracing procedures with centralized exchanges to identify the attacker. Also, it is attempting to establish direct contact to negotiate the return of the remaining funds. Despite these developments, Rhea Finance cautioned that the findings remain preliminary and may evolve as further on-chain analysis is conducted. Protocol paused as recovery and remediation plans take shape Following the exploit, Rhea Finance paused its lending contracts to prevent further losses and preserve recoverable funds. The protocol is now working with external security teams to complete forensic analysis and implement fixes before any potential relaunch. The team said it plans to use reserve funds and operational resources as part of a broader recovery and compensation framework for affected users, though details are still being finalized. The incident follows initial reports on 16 April that flagged a $7.6 million exploit involving the manipulation of an Oracle through fake tokens. The revised figures and confirmed attack vector now point to a more complex, larger-scale breach than was initially understood. Final Summary Rhea Finance has revised exploit losses to $18.4 million, identifying a slippage protection flaw in its margin trading feature as the root cause. With funds partially recovered and frozen, recovery efforts are underway as the protocol develops a compensation framework and remediation plan.