Solana’s Loopscale Protocol Suffers $5.8M Exploit Amid DeFi Growth

Loopscale, a DeFi lending protocol on Solana, suffered a $5.8 million exploit on April 26, just two weeks after its public launch on April 10, prompting the team to suspend lending operations. The breach, targeting its USDC and SOL vaults, comes as Solana’s DeFi ecosystem faces scrutiny amid rapid growth driven by initiatives like UPXI

Exploit Targets RateX PT Token Pricing

The breach targeted Loopscale’s RateX PT token pricing function, allowing an attacker to manipulate the system and siphon off roughly 5.7 million USDC and 1,200 SOL from the protocol’s USDC and SOL vaults. According to co-founder official statement, the stolen funds represent about 12% of Loopscale’s total value locked (TVL), which stood at approximately $40 million prior to the incident. In response, the platform paused all market activities to investigate the exploit and prevent further losses, though it has since re-enabled loan repayments and account top-ups to stabilize user positions.

Loopscale emphasized in its updated statement,“the root cause of the exploit has been identified as an isolated issue with Loopscale’s pricing of RateX-based collateral. There is no issue with RateX itself related to this.”

Loopscale’s Role in Solana DeFi

Loopscale emerged as a promising addition to Solana’s DeFi landscape, offering a modular, order book-based lending model designed to enhance capital efficiency. Unlike traditional DeFi protocols that pool liquidity, Loopscale matches lenders and borrowers directly with fixed-rate, fixed-term contracts, supporting assets like JitoSOL and BONK alongside its core USDC and SOL vaults. The platform, backed by prominent investors such as Solana Labs, Coinbase Ventures, and CoinFund, had attracted over 7,000 lenders and boasted yields exceeding 5% APR for USDC and 10% for SOL.

Launched after a six-month closed beta, Loopscale aimed to address inefficiencies in DeFi lending by offering structured credit and undercollateralized loan options. However, the rapid exploit has raised questions about the protocol’s security preparedness, especially given its short time in operation.

Loopscale’s exploit follows multiple high-profile attacks in the first quarter of 2025. According to the latest report from web3 bug bounty and security services platform Immunefi, “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem. In total, we have seen a loss of $1,635,933,800 across the ecosystem in Q1 2025. The majority of the funds were lost to hacks.”Notable incidents include the record-breaking $1.46 billion hack of the Bybit exchange in February, a $7 million oracle exploit targeting the KiloEX decentralized exchange, and a $49 million loss from the stablecoin neobank Infini, among others. These events highlight the persistent vulnerabilities in both centralized and decentralized platforms, amplifying concerns over security as the crypto market expands.

In response to this exploit, Loopscale’s team is working with security experts and law enforcement to trace the stolen funds. Loopscale also promised a through follow-up and a full technical post-mortem as the investigation progresses.