A hacker responsible for a $5.8 million exploit of the Solana-based protocol Loopscale has agreed to return stolen funds in exchange for a 10% bounty. The attack occurred on April 26th when an exploiter manipulated Loopscale’s RateX PT token price, affecting approximately 12% of total platform value locked and resulting in significant losses. Loopscale offered the hacker a whitehat contract to return 90% of stolen funds worth 35,527 SOL in exchange for a 10% bounty payment. The hacker accepted this offer, prompting Loopscale to release them from liability regarding the attack and grant a reward of 10% of the recovered funds (worth 3,947 SOL). Loopscale intends to publish a comprehensive post-mortem report on future actions following the incident.
The exploit underscores an increasing trend in blockchain security. In Q1 2025, hackers stole over $1.6 billion worth of crypto from exchanges and smart contracts, according to PeckShield, a blockchain security firm. The attack is believed to have been caused by manipulation of Loopscale’s RateX-based collateral system. Loopscale has taken steps to secure its platform, temporarily disabling loans, withdrawals, and other features until further notice.
The company offers alternative lending models using an order book system for matching lenders and borrowers, unlike traditional pool-based platforms like Aave or Solend. They offer yields exceeding 10% on their SOL vault and more than 5% APR on their USDC vault. Prior to the attack, over 7,000 lenders were actively using Loopscale’s platform.