- Rhea Finance losses jump to $18.4M after exploit details emerge
- Attacker strategy used complex swaps to drain lending protocol reserves
- Partial fund recovery underway as investigators track remaining stolen assets
Rhea Finance has confirmed that losses from its recent exploit surged to $18.4 million after a deeper review. The revised figure more than doubles the earlier estimate of $7.6 million. This update shifts attention toward the attacker’s method, which relied on a carefully engineered trading strategy rather than a simple vulnerability.
Complex swap route drives coordinated margin exploit
According to the project’s post analysis, the attacker constructed a complex swap route to manipulate margin trading positions. This approach allowed the attacker to borrow assets and redirect them into controlled liquidity pools. Consequently, the protocol received minimal value in return, which weakened collateral backing across multiple positions.
Also Read: Bitcoin Miners Shift to AI as Security Debate Intensifies Across Network
Moreover, this imbalance triggered a wave of liquidations that steadily drained the protocol’s reserves. Each liquidation cycle compounded the damage, as undercollateralized positions failed to recover sufficient value. As a result, the reserve pool absorbed significant losses while user funds faced exposure.
Besides, the attacker repeated this process across numerous positions, which amplified the overall impact. This pattern suggests a deliberate and calculated strategy rather than an opportunistic breach. Hence, the unfolding details have drawn attention to how leverage features can become entry points for complex exploits.
Attacker strategy exposes weaknesses in margin trading structure
Further findings indicate that borrowed tokens moved into fake liquidity pools controlled by the attacker. Meanwhile, only negligible amounts returned to the protocol, which distorted internal accounting mechanisms. This imbalance allowed the attacker to sustain multiple undercollateralized positions without immediate detection.
Additionally, automated liquidation systems reacted as designed but failed to prevent cumulative losses. The repeated triggering of these mechanisms ultimately depleted the reserve pool over several transaction cycles. Consequently, the exploit revealed structural weaknesses in how margin trading interacts with liquidity routing.
Recovery efforts gain traction as investigators track remaining funds
However, recovery efforts have made partial progress since the incident unfolded. The attacker returned 3.36 million USDC and 1.56 million NEAR, with a combined value near $3.5 million. At the same time, authorities froze approximately 4.34 million USDT, limiting further movement of funds. These actions followed confirmation from Tether CEO Paolo Ardoino.
Rhea Finance has paused affected contracts and continues to collaborate with exchanges and investigators. The team is tracking about $5.6 million that remains unaccounted for. Additionally, Aurora Labs co founder Alex Shevchenko sent an onchain warning, stating that associated accounts have been identified and urging the return of remaining assets.
The protocol is also preparing a compensation framework to address user losses, although specific details remain undisclosed. This step reflects ongoing efforts to stabilize operations and restore confidence among participants.
Rhea Finance now faces increasing pressure as details of the attacker’s strategy continue to emerge. The incident underscores growing risks in leveraged DeFi systems while recovery efforts remain underway.
Also Read: Hyperliquid Surge Sparks $150 HYPE Prediction After Hayes Bold Move
