Loopscale, a Solana-based decentralized finance (DeFi) protocol, is currently negotiating with the hacker who recently exploited its platform for $5.8 million. The discussion centers around the return of the stolen funds in exchange for a bounty. Here’s a comprehensive look at the incident and its aftermath:
The Hack: What Happened?
On April 26, Loopscale experienced a security breach that resulted in the loss of approximately 5.7 million USDC and 1,200 SOL tokens from two of its yield vaults. This prompted Loopscale to temporarily halt its lending markets to investigate and mitigate the exploit.
Negotiations Begin
The day after the hack, the hacker initiated communication via Etherscan, signaling a willingness to return the exploited funds if a bounty was offered. Loopscale responded positively, expressing openness to a “white hat agreement” but seeking to negotiate the bounty percentage, suggesting an initial expectation of 20%.
As a gesture of good faith, the hacker immediately returned 5,000 wSOL tokens following the message exchange. Negotiations are ongoing regarding the remaining funds, with public communication occurring on Etherscan.
Key Details of the Exploit
- Date of Exploit: April 26, 2025
- Amount Stolen: $5.8 million (approximately 5.7 million USDC and 1,200 SOL)
- Impacted Vaults: USDC and SOL yield vaults
- Hacker’s Communication: Via Etherscan, expressing willingness to return funds for a bounty
- Initial Bounty Offer: Loopscale countered with an expectation of 20%
- Funds Returned: 5,000 wSOL returned immediately by the hacker
- Current Status: Negotiations ongoing
Loopscale’s Response and Recovery
Following the attack, Loopscale took the following steps:
- Temporarily halted lending markets to investigate the exploit.
- Re-enabled loan repayments, top-ups, and loop closing.
- Restricted other app functions (including Vault withdrawals) temporarily while ensuring mitigation of the exploit.
What is Loopscale?
Launched on April 10, Loopscale is a DeFi lending protocol built on Solana. It aims to improve capital efficiency by directly connecting lenders and borrowers. Loopscale also focuses on specialized lending markets, including structured credit, receivables financing, and undercollateralized lending.
Broader Context: Crypto Hacks and Bounties
The practice of offering bounties to hackers in exchange for returning stolen funds is common in the Web3 space. However, successful recovery of stolen crypto is often limited. According to reports, only a fraction of the over $1.6 billion in crypto stolen in Q1 2025 has been successfully recovered.
The Loopscale exploit impacted approximately 12% of the protocol’s total value locked (TVL), according to Loopscale co-founder Mary Gooneratne.
Why is this important?
This incident highlights the ongoing security challenges in the DeFi space. While Loopscale is actively working to recover the stolen funds and has resumed some lending operations, the exploit underscores the importance of robust security measures and proactive communication in the event of a breach.
Key Takeaways
- Loopscale experienced a $5.8 million hack affecting its USDC and SOL vaults.
- The hacker is in negotiations with Loopscale to return the funds in exchange for a bounty.
- Loopscale has taken steps to mitigate the impact of the hack and is working to restore full functionality.
- The incident highlights the risks associated with DeFi lending protocols.
