Solana DeFi Protocol Suffers $5.8M Exploit Weeks After Launch

Loopscale, a decentralized finance (DeFi) protocol constructed on Solana, suffered a serious setback over the weekend, dropping greater than $5.8 million in an exploit, simply two weeks after its official launch.

On April 26, attackers exploited a vulnerability in considered one of Loopscale’s lending markets, siphoning off roughly 5.7 million USDC and 1,200 Solana (SOL), in line with Loopscale co-founder Mary Gooneratne. The losses account for almost 12% of the protocol’s complete worth locked (TVL).

Loopscale briefly halted its lending operations following the incident however later re-enabled restricted features reminiscent of mortgage repayments, top-ups, and loop closings. Vault withdrawals and different key options stay restricted because the staff continues its investigation.

The protocol confirmed that the exploit stemmed from an remoted situation with the pricing of RateX-based collateral, permitting attackers to take a collection of undercollateralized loans. An investigation is ongoing to find out the complete scope of the breach and discover restoration choices.

Launched on April 10, Loopscale is the successor to Bridgesplit, a undertaking that initially centered on NFT-based yield merchandise. Backed by Solana Labs, Coinbase Ventures, and different traders, Loopscale raised $4.25 million in enterprise capital funding again in 2021.

Not like conventional pool-based lenders like Aave or Solend, Loopscale runs an order book-based system designed to supply extra predictable lending phrases. Earlier this yr, the protocol was audited by safety agency OShield, which discovered a number of crucial vulnerabilities.

Loopscale mentioned it fastened all the key points flagged in that audit, whereas a separate audit by Sec3 continues to be ongoing.

Regardless of these efforts, Loopscale has now grow to be the most recent DeFi platform to undergo an exploit in 2025. It’s a part of a rising development this yr, with main incidents like Bybit’s file $1.46 billion hack, which was linked to North Korea’s Lazarus Group. Different current hacks embrace a $49 million loss at stablecoin neobank Infini and a $7 million oracle assault at decentralized change KiloEX.

In accordance with blockchain safety agency PeckShield, hackers stole greater than $1.6 billion from crypto exchanges and on-chain tasks in simply the primary quarter of 2025 — with the Bybit hack making up the majority of these losses.

Replace: Loopscale has re-enabled mortgage repayments, top-ups, and loop closing. All different app features (together with Vault withdrawals) are nonetheless briefly restricted whereas we examine and guarantee mitigation of this exploit.
The basis reason behind the exploit has been recognized as an… https://t.co/Pk2pMx8UcK
— Loopscale (@LoopscaleLabs) April 26, 2025

After the $5.8 million exploit, Loopscale has re-enabled mortgage repayments, top-ups, and loop closing, however Vault withdrawals and different app options are nonetheless paused. The staff traced the hack to a pricing situation with Loopscale’s RateX-based collateral, not with RateX itself.

Solely depositors within the SOL and USDC Genesis vaults have been affected. An investigation is underway to learn how the exploit occurred, who’s behind it, and tips on how to get well the stolen funds. Loopscale is working with legislation enforcement and safety consultants and can quickly share extra updates, together with a full technical breakdown and withdrawal particulars for customers.