Solana DeFi protocol Loopscale has been hit by a major exploit, resulting in the loss of more than $5.8 million, about 12 percent of its Total Value Locked.
The platform confirmed it is still investigating the incident and working with law enforcement and security experts to track down the attackers and recover the stolen assets.
Pricing manipulation identified as cause of exploit
Loopscale delivered their report through X which detailed the hack outcome from an independent pricing problem with RateX-based collateral. The systems vulnerability affected only its operations while RateX itself remained secure. Users who deposited SOL with USDC into the Genesis vaults and depositors of SOL and USDC in SOL and USDC Genesis vaults have experienced impact from the breach.
The RateX PT token pricing function fell victim to an attack that led to both the loss of SOL worth 1200 tokens and USDC worth $5.7 million. The company took its markets offline for a brief period followed by market restarts for loan repayment and top-up and looping features except vault withdrawal capability. The protocol will deliver a complete technical examination in addition to a user list that shows impacted parties.
Audit reports and platform background
Loopscale received OShield audit inspections between January and February 2025 before the exploit commenced although the project showed it had resolved multiple identified vulnerabilities at that time. A current audit takes place at Sec3. Loopscale initiated its operations on April 10, 2023 when it presented an order book-based lending framework.
The platform design enables users to access three forms of lending services with fixed interest rates and durations and support for multiple types of assets which help minimize market rate fluctuations. The project gains backing from major players including CoinFund in addition to Jump Capital and Solana Ventures. With an original name of Bridgesplit Loopscale launched NFT yield products which led to $4.25 million funding from Solana Labs, Coinbase Ventures and other venture capitalists.
Wider impact of DeFi exploits in 2025
The Loopscale attack adds to a growing list of DeFi exploits this year. Earlier in April, KiloEX lost $7 million due to a price manipulation issue and is preparing to compensate affected users. In February, Bybit suffered a massive $1.46 billion hack, now attributed to North Korea’s Lazarus Group, surpassing previous records like Coincheck’s 2018 and Mt. Gox’s 2014 breaches. Data shows that over $1.6 billion has been lost to DeFi exploits in the first quarter of 2025 alone. Other affected platforms include zkLend, Ionic Money, Cardex, Four.Meme, Cashverse, BankX, and GoldReserve NFT.