- Loopscale has successfully recovered the entire $5.8 million stolen in an April 26 exploit.
- The attacker returned the funds after accepting a 10% white-hat bounty and legal immunity
- The attacker exploited the protocol and drained approximately the funds from Loopscale’s USDC and SOL vaults
Loopscale, a decentralized finance (DeFi) protocol on the Solana blockchain, has fully recovered the $5.8 million stolen during an exploit on April 26. The attacker agreed to return the funds in exchange for a 10% bounty and immunity from legal action, highlighting the effectiveness of proactive negotiation strategies. This reinforces a growing trend of hackers accepting such bounties, due in part to the increased surveillance of stolen funds.
Negotiations Pay Off
On April 26, Loopscale suffered a security breach when the attacker exploited a vulnerability in the RateX PT token pricing mechanism, allowing them to drain approximately $5.7 million from Loopscale’s USDC and SOL vaults. This represented about 12% of the platform’s total value locked.
In response, Loopscale initiated a white-hat negotiation strategy; on April 27, the platform publicly offered the attacker a 10% bounty and a full release of liability in exchange for the return of 90% of the stolen funds. The attacker responded positively, returning an initial 5,000 Wrapped SOL (WSOL), valued at approximately $740,000.
Negotiations continued to the point where Loopscale was able to recover all the stolen funds, as it reported yesterday:
Following successful negotiations, all funds taken from the Loopscale protocol (5,726,725 USDC + 1,211 SOL) on April 26th have now been returned.
Users will incur no loss of deposits from this incident. Additional details (including information on vault withdrawals) to follow. https://t.co/zAgzAcGMSU
— Loopscale (@LoopscaleLabs) April 29, 2025
The Loopscale community has praised Loopscale’s swift and transparent handling of the incident:
Amazing! Thank you team @LoopscaleLabs for handling this issue so professionally!
I am very glad my funds are returned and safe.— Markus (@MrMarkus_Fin) April 29, 2025
Loopscale has committed to releasing a full post-mortem report and is conducting thorough security assessments to prevent future incidents. While loan repayments and loop closing functionalities have been re-enabled, vault withdrawals remain temporarily paused pending further investigation.
