Loopscale loses $5.8M in oracle attack
Partial recovery is already in motion, according to the Loopscale team
Art by Crystal Le with Sham-ann/Shutterstock and Adobe modified by Blockworks
This is a segment from the Lightspeed newsletter. To read full editions, subscribe.
Loopscale Labs had one tough weekend.
Bad actors on Saturday exploited Loopscale’s pricing functions to make loan collateral seem worth more than it really was, resulting in the theft of approximately $5.7 million in USDC and 1,200 SOL (or around 12% of the platform’s total assets.)
It’s obviously not ideal to suffer an exploit just two weeks after launching, but this isn’t your typical “DeFi protocol caught with its pants down” moment. On the contrary, many DeFi folks have rallied behind Loopscale’s response to the exploit, applauding the team’s speed, professionalism and commitment to user recovery.
Loopscale USDC and SOL vault depositors do face losses, though early signs seem to point to a partial or even full recovery.
For those unfamiliar, Loopscale’s story ‘til now unfolds thusly.
Loopscale is a decentralized finance (DeFi) project that automates recursive leverage to make yield farming more efficient. Loopscale’s bread and butter is “looping” — repeatedly borrowing and redepositing assets to amp up yield and capital efficiency. They weren’t the first team to try to morph this premise into a mainstream financial primitive, but they have quickly become one of the most compelling. Honestly, it’s pretty neat work.
While the looping process has historically been dangerous, Loopscale’s system offered automation, liquidation protection features, and a user experience that abstracted away many of those perceived risks. Loopscale’s vaults, known for their attractive yields and tokenized market integrations, became a favorite among farmers looking for structured, lower-friction leverage.
Founded by a small but technically-strong team, Loopscale built a reputation as one of the more serious players among Solana’s DeFi cohort.
At the core of Loopscale’s recent growth was its adoption of RateX’s Principal Token (PT) markets. Simply put, Principal Tokens are created by splitting a yield-bearing asset into two components — principal and yield — allowing users to trade, hedge, or lock in fixed returns more flexibly. In Loopscale’s case, PT tokens were used as collateral in the vaults on the assumption that their pricing would remain tightly aligned to predictable discounting curves.
But then, on April 26, that predictable curve broke.
According to Loopscale, a person with malicious intent manipulated how its vault system priced the RateX PT tokens, making the tokens seem worth more than they were. As a result, the attacker was able to take out a series of loans that were not fully backed by collateral, managing to withdraw $5.7 million USDC and 1,200 SOL from Loopscale’s vaults.
The vulnerability was not in RateX itself, as Loopscale has emphasized. The issue was in how Loopscale’s contracts priced the RateX tokens.
RateX founder Sean Hu explained, “Based on our investigation, the Loopscale incident has been confirmed as an oracle attack. The attacker manipulated the oracle price of collateral on Loopscale to borrow 5.8 million dollars, draining funds from the lending pool. RateX’s protocol itself has no security issues, and no RateX users suffered losses in this incident.”
RateX also confirmed it is assisting Loopscale in tracking the hacker and recovering funds.
As soon as Loopscale detected the exploit, it halted all market functions to prevent further damage — disabling new loops, deposits and withdrawals across the platform while working to triage the situation.
In the immediate aftermath, Loopscale’s handling of the crisis drew frank praise. The team issued a clear initial disclosure, re-enabled critical functions like loan repayments and loop closing by the following day (big for protecting borrowers from unforeseen liquidations), and began coordinating with law enforcement and security professionals.
Then, on April 28, Loopscale announced it had successfully established contact with the attacker. The exploiter had responded to an onchain message proposing a white hat resolution, agreeing (tentatively) to return a portion of the stolen funds in exchange for a bounty.
While Loopscale initially offered a 10% reward, the exploiter countered with a 20% ask, citing frozen assets on crosschain bridges and offering to immediately return part of the stolen funds to prove good faith.
At the time of publication, negotiations remain ongoing. However, the initial signals are positive. A partial return appears to have already occurred, and Loopscale is preparing a detailed post-mortem and structured plan for resuming vault withdrawals. The team has also promised users a clear roadmap for what recovery will look like.
Updated on April 29, 2025 at 2:24 pm ET: Modified to reflect there were no early RateX contributors on the Loopscale team.
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: Unpacking crypto and the markets.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- 0xResearch: Alpha directly in your inbox.
- Lightspeed: All things Solana.
- The Drop: Apps, games, memes and more.
- Supply Shock: Bitcoin, bitcoin, bitcoin.
