A promising new Solana-based DeFi project, Loopscale, suffered a serious security breach just two weeks after its launch. Backed by major players like Coinbase Ventures and Solana Labs, Loopscale lost over $5.8 million, approximately 12% of its total value locked (TVL), in a devastating exploit.
What is Loopscale?
Loopscale, formerly known as Bridgesplit, is a decentralized lending platform on Solana. Unlike traditional pool-based lending protocols like Aave or Solend, Loopscale offers an order book-based system. This approach promises more predictable lending terms and eliminates rate volatility common in variable-rate protocols.
Having raised $4.25 million in venture funding in 2021, Loopscale rebranded and launched its DeFi platform in April 2025, aiming to redefine decentralized lending with stronger stability and efficiency.
Details of the $5.8 Million Exploit
On April 27, Loopscale revealed via X (formerly Twitter) that it had identified the root cause of the attack: an isolated issue involving the pricing of RateX-based collateral.
Loopscale wrote: "The root cause of the exploit has been identified as an isolated issue with Loopscale’s pricing of RateX-based collateral. There is an ongoing investigation into how this happened, who did this, and how we can most effectively recover funds."
The attacker manipulated pricing calculations to drain $5.8 million worth of assets from the protocol.
Despite an earlier audit by security firm in February 2025, which flagged several critical vulnerabilities, this specific bug went undetected. Once again, this shows that audits are not foolproof.
Loopscale’s Response
Following the breach, Loopscale restricted some platform functions to prevent further losses. However, by Saturday evening, they re-enabled important features such as loan repayments, top-ups, and loop closing.
Loopscale co-founder Mary Gooneratne posted: "Our team is fully mobilized to investigate, recover funds, and ensure users are protected."
Loopscale assured users that recovery efforts are underway and pledged greater transparency moving forward.
Broader Implications for DeFi Security
The Loopscale hack joins an already long list of major DeFi security breaches in 2025, including Bybit’s $1.46 billion hack and KiloEx’s $7 million oracle attack. It reaffirms that even well-funded, audited projects are not immune to exploits. Complete audits and reviews, real-time monitoring, and layered security defenses are crucial to safeguard DeFi platforms.
Loopscale’s $5.8 million hack is a stark reminder of the fragility of even the most promising DeFi projects. As Loopscale scrambles to recover the stolen funds and rebuild user trust, the DeFi community must recognize the importance of rigorous and ongoing security practices.
FAQs
1. What is Loopscale?
Loopscale is a decentralized, order book-based lending platform built on Solana, aimed at offering stable and predictable borrowing terms.
2. How did the Loopscale hack happen?
The hacker exploited a flaw in the pricing mechanism for RateX-based collateral, allowing them to steal $5.8 million in assets.
3. Was Loopscale audited before the hack?
Yes, Loopscale was audited by OShield in early 2025, but the audit failed to catch the specific pricing bug exploited.
4. What actions has Loopscale taken since the hack?
Loopscale paused several platform features temporarily, initiated an investigation, and reopened essential services like loan repayments. Recovery and security enhancement efforts are ongoing.
.png)
