Loopscale Hacked: $5.8 Million Stolen from Solana DeFi Protocol
Today, April 27, Loopscale, a decentralized finance (DeFi) lending protocol on Solana, was reported to have been hacked. The official statement was released on the X platform at 1:30 AM, indicating that hackers manipulated Loopscale’s RateX PT token pricing function, resulting in the theft of approximately 5.7 million USDC and 1,200 SOL, totaling around $5.8 million, which accounts for about 12% of the protocol’s total locked value (TVL).
Earlier context: ZKSync was hacked, with “attackers minting 100 million zk tokens”! The hackers’ actions led to emergency delistings on exchanges like Bithumb.
Background: Why are North Korean hackers like Lazarus so powerful, often breaching major corporate security networks, making Lazarus a money-making machine for Kim Jong-un’s nuclear weapon development?
Just 20 days after its launch, Loopscale was hacked! This morning, Loopscale reported on the X platform that the manipulation of the RateX PT token pricing function led to the theft of approximately 5.7 million USDC and 1,200 SOL from its liquidity pools. Currently, all Loopscale markets have been temporarily halted while our team conducts further investigations.
At 11:30 AM EST today, the manipulation of Loopscale’s RateX PT token pricing function led to the theft of approximately 5.7 million USDC and 1,200 SOL from the Loopscale USDC and SOL Vaults. All Loopscale markets have been temporarily halted while our team investigates further.
This exploit…
— Loopscale (@LoopscaleLabs)April 26, 2025
Latest Update from the Official Team: Some Functions Have Been Restored
Approximately three hours after the hacking announcement, Loopscale posted an update on the X platform, stating that loan repayments, collateral top-ups, and cycle closure functions have been re-enabled. However, all other application functions, including liquidity pool withdrawals, remain temporarily restricted due to the ongoing investigation and vulnerability remediation. The official confirmation states that the root cause of the attack lies in an isolated issue within Loopscale’s collateral-based pricing mechanism for RateX, which is unrelated to RateX itself.
Update: Loopscale has re-enabled loan repayments, collateral top-ups, and cycle closure functions. All other application functions (including liquidity pool withdrawals) remain temporarily restricted during our investigation to resolve this vulnerability.
The root cause of this attack has been confirmed as an isolated issue within Loopscale’s collateral-based pricing mechanism for RateX, unrelated to RateX itself. The funds lost clearly impact depositors in the SOL and USDC Genesis liquidity pools.
We are continuing to investigate the circumstances surrounding the incident, the perpetrators behind it, and how to most effectively recover the funds. We are actively collaborating with law enforcement and security experts to resolve the issue as soon as possible. We will provide more updates shortly, detailing the specific impacts on users, the operation of liquidity pool withdrawals, and a complete technical post-mortem analysis report.
What is the Loopscale Protocol?
Loopscale launched on April 10, 2025, as a DeFi lending protocol after six months of closed testing. It operates on an order book model, providing fixed-rate loans with direct matching of borrowers and lenders, distinguishing it from traditional liquidity pool-based protocols like Aave.
The protocol supports various collateral types, including SOL, JitoSOL, and BONK, and offers over 40 token pairs for cyclic strategies. Its liquidity pools for USDC and SOL boast annual percentage rates (APRs) exceeding 5% and 10%, respectively, with a total locked value of approximately $40 million, attracting over 7,000 lenders.
In terms of funding, Loopscale previously raised $4.25 million in 2021 under the name Bridgesplit from investors including Solana Labs and Coinbase Ventures, initially focusing on NFT-related products before transitioning to its current lending protocol.
Founders’ Response and Community Reaction
This hacking incident is undoubtedly a major setback for Loopscale, which has just recently gone live. Co-founder Mary Gooneratne expressed on the X platform, “Our team has been fully mobilized to investigate the incident and recover funds, ensuring user rights are protected.” She emphasized that although it is a difficult day, the team is committed to resolving the issue.
In the community, some expressed sympathy for Loopscale’s predicament and wished for a swift recovery of the project. Others urged Loopscale to promptly release a full post-mortem analysis report and properly handle the situation, particularly since the protocol has only recently launched. However, some also voiced concerns about the security of funds, hoping that the official team would effectively safeguard investors’ rights.
Related Reports
Old Gao Discusses “Bybit Theft, North Korean Hackers”: Transaction address encoding is hard to recognize; blame the multi-signers for not confirming.
On-Chain Detective: Bybit North Korean hackers are behind a large number of Solana meme coin scams, familiar with the processes of Pump.fun for laundering.
Chinese hackers infiltrate the US Treasury! Secretary Yellen’s computer was hacked, Musk sarcastically comments: she clicked on a Bitcoin phishing email.