Rhea Finance announced that it lost $18.4 million as a result of a major cyber attack on its trading platform. This figure was almost twice the initial estimates after the attack. At the beginning of the incident, the loss was thought to be $7.6 million. Details about the attack were included in the report shared by the Rhea team on Friday.
How was the margin trading vulnerability used?
The protocol team stated that the attacker exploited a vulnerability in the margin trading feature. According to the statement, the attacker opened many margin positions through a swap route he specially designed. Meanwhile, the assets borrowed from the system were transferred to the fake token pools prepared by the attacker, and a very small amount of position tokens were returned to the protocol.
As a result of these transactions, positions were left with insufficient collateral and the system automatically initiated liquidations. These liquidations led to the rapid depletion of Rhea Finance’s reserve pool. Although the initial analysis after the attack thought the loss was slightly less, the updated report revealed that the actual loss reached 18.4 million dollars.
Initial measures and assets recovered
After the incident, Rhea Finance team informed the users and temporarily suspended the relevant contracts. This measure aimed to prevent new risks to the protocol. Some of them were identified by both the team and the researchers and were frozen or returned to the protocol.
After the attack, it was announced that approximately 3.36 million USDC and 1.56 million NEAR (approximately 3.5 million dollars in total) were transferred back to the protocol by the attacker. Additionally, 4.34 million USDT was also frozen. Tether CEO Paolo Ardoino was personally involved in this process and confirmed the situation.
In the report published by the Rhea Finance team on the incident, “The borrowed tokens were transferred to the pools created by the attacker; the amount of position tokens returned to the protocol remained insignificant. While the positions were subsequently liquidated due to insufficient collateral, this process almost completely emptied the reserve pool.” He clarified the situation as follows.
Tracking and return call
In the statement made by the company, it was stated that the contracts affected by the attack were suspended and efforts to track approximately $ 5.6 million of the lost tokens were continuing. It was stated that the team was working on a payment and recovery plan aimed at compensating users; However, no details were given about this process.
Following the developments, Alex Shevchenko, co-founder of the blockchain-based platform Aurora Labs and Near Intents, sent a message to the attacker over the chain. Shevchenko stated that the sender identity and associated wallet accounts were identified and requested the return of the remaining assets.
Rhea Finance is known as a credit protocol operating in the field of decentralized finance (DeFi). While the platform offers secured borrowing and leveraged trading opportunities, it has accelerated its security steps after this cyber attack.
The developments once again brought to the agenda that DeFi protocols may be vulnerable to various risks and that security vulnerabilities can sometimes lead to large losses.
