Loopscale, a so-called decentralized finance (DeFi) protocol operating on the Solana blockchain, fell victim to a significant security breach, resulting in a loss of approximately $5.8 million.
This amount represents 12% of the platform’s total value locked (TVL), which stood at around $40 million prior to the incident.
The exploit specifically targeted vulnerabilities in Loopscale’s market operations, exploiting the RateX PT token pricing functions to drain 5.7 million USDC and 1,200 SOL from the platform’s USDC and SOL vaults.
Update: Loopscale has re-enabled loan repayments, top-ups, and loop closing. All other app functions (including Vault withdrawals) are still temporarily restricted while we investigate and ensure mitigation of this exploit.
The root cause of the exploit has been identified as an… https://t.co/Pk2pMx8UcK
— Loopscale (@LoopscaleLabs) April 26, 2025
The breach, which occurred around two weeks after Loopscale’s public launch on April 10, 2025, has yet again raised very serious concerns about the security of newly established DeFi platforms in an already volatile sector.
Loopscale had gained traction in the DeFi space, attracting over 7,000 lenders and offering attractive yields, with annual percentage rates (APRs) exceeding 5% for USDC and 10% for SOL in its main vaults.
The platform also supported lending markets for tokens like JitoSOL and BONK, catering to a wide range of users seeking yield opportunities.
Backed by prominent investors such as Solana Labs and Coinbase Ventures, Loopscale had reportedly raised $4.25 million in venture capital funding in 2021.
However, this incident underscores the persistent risks in the evolving world of decentralized finance, particularly for platforms introducing mechanisms like Loopscale’s collateral pricing model.
The exploit adds to a troubling trend of DeFi hacks in 2025.
Earlier this year, the crypto space witnessed a record-breaking $1.46 billion exploit targeting Bybit in February, followed by a $49 million loss suffered by stablecoin neoback Infini in recent weeks.
Historical data from the first quarter of 2025 reveals that hackers stole over $1.6 billion from exchanges and smart contracts, with centralized platforms bearing the brunt of these attacks.
The Loopscale breach highlights the vulnerabilities inherent in DeFi systems, especially those that have not undergone extensive testing prior to launch.
Security professionals have long emphasized the importance of continuous audits to fortify defenses, particularly in Solana’s (SOL) ecosystem, which has experienced similar breaches in the past due to innovative yet untested mechanisms.
In response to the exploit, Loopscale initially restricted all platform operations in an effort to prevent further losses.
However, the team then later re-enabled certain functions, such as loan repayments, top-ups, and loop closing, while keeping vault withdrawals temporarily restricted as they investigate the incident.
Mary Gooneratne, Loopscale’s co-founder, assured users that the team is fully mobilized to investigate the breach, recover the stolen funds, and implement measures to enhance user protections.
The platform is also working reportedly with law enforcement and security professionals to address the issue and mitigate future risks.
This latest incident serves as yet another stark reminder of the broader vulnerabilities in the DeFi space, where rapid innovation often outpaces security measures – which then leads to protocol developers taking many more steps backwards than forward in any meaningful manner.
As the nascent DeFi sector continues to expand, the Loopscale exploit—alongside other recent hacks like the $7 million oracle exploit affecting KiloEX—underscores the urgent need for more robust security protocols and regular audits to safeguard user funds and maintain trust in decentralized finance platforms.