Loopscale, a decentralized finance (DeFi) protocol built on Solana, suffered a major setback over the weekend, losing more than $5.8 million in an exploit, just two weeks after its official launch.
On April 26, attackers exploited a vulnerability in one of Loopscale’s lending markets, siphoning off approximately 5.7 million USDC and 1,200 Solana (SOL), according to Loopscale co-founder Mary Gooneratne. The losses account for nearly 12% of the protocol’s total value locked (TVL).
Loopscale temporarily halted its lending operations following the incident but later re-enabled limited functions such as loan repayments, top-ups, and loop closings. Vault withdrawals and other key features remain restricted as the team continues its investigation.
The protocol confirmed that the exploit stemmed from an isolated issue with the pricing of RateX-based collateral, allowing attackers to take a series of undercollateralized loans. An investigation is ongoing to determine the full scope of the breach and explore recovery options.
Launched on April 10, Loopscale is the successor to Bridgesplit, a project that originally focused on NFT-based yield products. Backed by Solana Labs, Coinbase Ventures, and other investors, Loopscale raised $4.25 million in venture capital funding back in 2021.
Unlike traditional pool-based lenders like Aave or Solend, Loopscale runs an order book-based system designed to offer more predictable lending terms. Earlier this year, the protocol was audited by security firm OShield, which found several critical vulnerabilities.
Loopscale said it fixed all the major issues flagged in that audit, while a separate audit by Sec3 is still ongoing.
Despite these efforts, Loopscale has now become the latest DeFi platform to suffer an exploit in 2025. It’s part of a growing trend this year, with major incidents like Bybit’s record $1.46 billion hack, which was linked to North Korea’s Lazarus Group. Other recent hacks include a $49 million loss at stablecoin neobank Infini and a $7 million oracle attack at decentralized exchange KiloEX.
According to blockchain security firm PeckShield, hackers stole more than $1.6 billion from crypto exchanges and on-chain projects in just the first quarter of 2025 — with the Bybit hack making up the bulk of those losses.
After the $5.8 million exploit, Loopscale has re-enabled loan repayments, top-ups, and loop closing, but Vault withdrawals and other app features are still paused. The team traced the hack to a pricing issue with Loopscale’s RateX-based collateral, not with RateX itself.
Only depositors in the SOL and USDC Genesis vaults were affected. An investigation is underway to find out how the exploit happened, who’s behind it, and how to recover the stolen funds. Loopscale is working with law enforcement and security experts and will soon share more updates, including a full technical breakdown and withdrawal details for users.
Also Read: KiloEx Hacker Returns Stolen Funds Just Days After Hack
