Rhea Finance Says Exploit Drained $7.6 Million

Overview

• CertiK, which issued an alert Thursday, traced the theft to counterfeit token contracts and new pools that fed bad prices into the protocol.
• Rhea said the margin lending system, known as Rhea Lend, was hit, while the exchange contract was unaffected but paused as a safeguard.
• The team halted contracts, began tracking the attacker’s wallets on Ethereum and NEAR, and messaged the address on-chain.
• Outside security firms joined to run forensics and help recovery, and the project reported the case to law enforcement.
• The protocol remains paused during the probe, rNEAR continues to operate, and a post-mortem and next steps will follow the investigation.