Rhea Lend

Hacked

DeFi · ✝ 2026

Fake collateral drained ~$18.4M — then the attacker returned it all.

Rhea Lend was a NEAR-based lending protocol that lost roughly $18.4M in 2026 to a fake-collateral exploit. The attacker tricked the protocol into accepting bogus collateral, but ultimately returned the full $18.4M.

Peak: ~$18.4M stolen (fully returned)
Cause: Hacked
Year of death: 2026

☠️ Cause of death

A validation flaw let the attacker post fake or invalid collateral and borrow against it; the funds were later returned in full.

📓 Lessons left behind

  • Rigorously validate every accepted collateral token.
  • Whitelist assets rather than trusting caller-supplied collateral.
  • A whitehat return does not excuse the underlying logic gap.

🌱 The idea that survived

Collateral validation

The incident underscored the need for strict allow-listing and verification of collateral assets in lending protocols.

#defi #collateral #near