Key Highlights

  • Rhea Finance's post-mortem revised total losses from the initial $7.6 million estimate to $18.4 million, after investigators traced the full scope of an oracle manipulation attack on NEAR.

  • The attacker drained USDC, USDT, NEAR, and ZEC by deploying fake token contracts and fraudulent liquidity pools to feed manipulated price data to the protocol's oracle.

  • Roughly $11.2 million has been returned or frozen through a combination of voluntary restitution and Tether's blacklisting of wallets, leaving an estimated $5.6 million still unrecovered.

Rhea Finance, a lending and margin trading protocol on NEAR, published its full post-mortem on April 17, raising the total loss figure from the initial $7.6 million disclosed the previous day to $18.4 million. The revised number reflects the complete drawdown of the protocol's reserve pool after investigators reconstructed the attack path end-to-end.

The exploit turned on oracle manipulation. According to the post-mortem findings, the attacker deployed counterfeit token contracts on NEAR, then bootstrapped fake liquidity pools pairing those tokens with legitimate assets.

Trades inside those pools generated an artificial price history that the protocol's oracle accepted as valid, because it did not require any validation of historical depth. With manipulated prices registered, the attacker opened large margin positions using the fraudulent tokens as collateral, routed borrowed assets back into the fake pools, and exited, leaving the real reserve pool exposed to a cascade of forced liquidations.
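The missing control can be pictured as a gate in front of the price feed. The following sketch is an added example, not code from Rhea Finance or its post-mortem; it goes beyond the history-depth check named above to also cover token allowlisting, pool age and liquidity depth, and every type, field name and threshold in it is a hypothetical assumption.

```rust
// Added illustration: all names and thresholds are hypothetical, not Rhea Finance's code.
#[derive(Debug, PartialEq)]
pub enum Reject { UnlistedToken, PoolTooYoung, ShallowHistory, ThinLiquidity }

pub struct Policy<'a> {
    pub allowlist: &'a [&'a str], // token contracts approved as collateral
    pub min_pool_age: u64,        // seconds a pool must have existed
    pub min_observations: usize,  // price points required
    pub min_span: u64,            // seconds the price history must cover
    pub min_quote_reserve: u128,  // depth of the legitimate asset in the pool
}

pub struct Pool<'a> {
    pub token: &'a str,
    pub created_at: u64,
    pub quote_reserve: u128,
    pub obs: &'a [(u64, u128)], // (timestamp, price), assumed oldest first
}

/// Returns a time-weighted average price, or the reason the feed is refused.
pub fn accept_price(p: &Pool, pol: &Policy, now: u64) -> Result<u128, Reject> {
    if !pol.allowlist.contains(&p.token) { return Err(Reject::UnlistedToken); }
    if now.saturating_sub(p.created_at) < pol.min_pool_age { return Err(Reject::PoolTooYoung); }
    let span = match (p.obs.first(), p.obs.last()) {
        (Some(first), Some(last)) => last.0.saturating_sub(first.0),
        _ => 0,
    };
    if p.obs.len() < pol.min_observations || span == 0 || span < pol.min_span {
        return Err(Reject::ShallowHistory);
    }
    if p.quote_reserve < pol.min_quote_reserve { return Err(Reject::ThinLiquidity); }
    // Weight each price by how long it stayed in effect.
    let mut weighted: u128 = 0;
    for w in p.obs.windows(2) {
        weighted += w[0].1 * (w[1].0.saturating_sub(w[0].0) as u128);
    }
    Ok(weighted / span as u128)
}

fn main() {
    // Constructed sample: a ten-minute-old pool for an unapproved token.
    let pol = Policy { allowlist: &["usdc.example"], min_pool_age: 86_400,
        min_observations: 3, min_span: 3_600, min_quote_reserve: 1_000_000 };
    let fresh = Pool { token: "fake.example", created_at: 999_400, quote_reserve: 5_000_000,
        obs: &[(999_400, 900), (999_700, 950), (1_000_000, 1_000)] };
    println!("{:?}", accept_price(&fresh, &pol, 1_000_000));
}
```

A feed refused for any of these reasons would leave the token unpriced, so it could not be posted as collateral until the pool meets the policy.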

Recovery has been partial. The attacker voluntarily returned $3.36 million in USDC and approximately $1.56 million in NEAR tokens. Tether moved to freeze a further $3.29 million in USDT, and an additional $4.34 million in USDT was independently frozen, bringing the total clawed back to around $11.2 million. The outstanding gap sits at roughly $5.6 million.

Rhea Finance said a compensation and recovery framework is under development, though no timeline or structure has been confirmed publicly.