Stablecoin issuer Tether announced on Thursday that it has blocked 3.29 million USDT from hacker wallets linked to the Rhea Finance hack.
The response comes as a measure by the firm to protect user money and prevent the attacker from draining money to any other wallet.
Tether froze 3.29M USDT to the hackers.
Tether cares. https://t.co/014GP5YXoi— Paolo Ardoino 🤖 (@paoloardoino) April 16, 2026
Rhea Finance, a decentralized platform, recently fell victim to a security breach that led to losses of roughly $7.6 million, after an attacker found a way to manipulate the system it uses to track prices.
The incident occurred on the NEAR Protocol network wherein the attacker created fake tokens and added them to newly set up liquidity pools.
The activity generated misleading price data that ultimately confused the platform’s automated checks. Since the DeFi system relies on price signals to decide whether transactions are valid, the false data allowed the attacker to withdraw assets that should have been protected.
Among the funds taken were widely used cryptocurrencies such as USD Coin, Tether, Zcash, and wrapped NEAR tokens.
The hack comes in parallel to the Drift Protocol exploit that saw $286 million being pulled away by suspected DPRK-linked hackers. Despite the magnitude of the hack, the major difference between the two breaches is the swift response and the urgency of barricading the fund outflow from the exchanges.
While Tether was able to control the wild fire damage, the Drift Protocol hack saw a delay in platform reaction, thereby causing a wider than expected loss. Further, the stablecoin issuer Circle had responded to concerns around the Drift Protocol vulnerability by stating that it cannot freeze stolen USDC without a lawful order from the appropriate government.
Rhea Finance hack fits oracle manipulation definition
The Rhea hack incident fits perfectly into what is often described as oracle manipulation, a tactic where criminals distort the information that DeFi platforms depend on to function smoothly.
It’s a known risk in the industry, particularly as protocols become more complex and interconnected.
However, it is interesting to note that Rhea Finance acted quickly by pausing its smart contracts to stop further losses and limit the damage . The team also reached out to the attacker in hopes of negotiating a recovery of funds and brought in security experts to investigate what went wrong and prevent similar incidents in the future.
Tether’s move protects user funds
Tether’s decision to quickly step in after the exploit helped limit the damage of the attack. Though the loss is still significant, the move has stalled the greater damage that could have taken place if the attackers had swept the entire stolen amount.
Chief executive Paolo Ardoino confirmed the move publicly, reinforcing the company’s long-standing stance that it will actively intervene when stolen funds are identified within its system.
As a market impact, not only did the freeze limit the attacker’s ability to move or cash out a significant portion of the stolen money, it also slowed down the damage and gave investigators more time to respond.
Market participants have also viewed the incident as a beacon of stablecoin superiority, highlighting that the tokens are not just hands-off or neutral tools but also operate more like regulated financial infrastructure, with built-in controls that allow issuers to step in during emergencies.
Additionally, Tether’s ability to freeze funds is not new. Over the years, the company says it has worked closely with hundreds of law enforcement agencies around the world to track and recover stolen assets.
It currently operates across dozens of jurisdictions and reports that it has helped recover more than $800 million in illicit or misappropriated funds.