Rhea Finance Exploited for at Least $7.6 Million, CertiK Says
Rhea Finance states that Rhea Lend was affected by a coordinated pool manipulation attack, while the Rhea DEX contract was not compromised and both contracts were paused.
Fact Check
The user’s statement closely matches the contents of PANews’ report, which specifically says that according to Rhea Finance’s update, preliminary analysis found a coordinated pool manipulation attack, that Rhea Lend was affected, Rhea DEX was not affected, and both contracts were paused. This directly supports the claim. Separately, AMBCrypto reports that CertiK estimated losses of at least $7.6 million, aligning with the title claim about the scale of the exploit. Confidence is medium rather than high because direct validation of the underlying X post from Rhea Finance and the linked CertiK social post was not possible in this run due fetch failures.
Summary
Rhea Finance suffered a coordinated pool manipulation attack that exploited a leverage trading vulnerability and resulted in about $7.6 million being stolen. The team said Rhea Lend was affected, while the Rhea DEX contract was not. Both contracts have been paused as Rhea Finance works with security firms and law enforcement to recover the stolen funds. CertiK previously said the attacker used fake token contracts and newly created liquidity pools, likely misleading the protocol’s oracle and validation layer.
Terms & Concepts
- Liquidity pool: A pool of crypto assets locked in a smart contract that supports trading and other decentralized finance functions.
- Oracle: A blockchain system that feeds external data, such as prices, into decentralized applications and smart contracts.
- DEX: A decentralized exchange that allows users to trade crypto assets through smart contracts without a centralized intermediary.