Key Takeaways
- The exploit was caused by a flaw in the pricing mechanism for RateX-based collateral.
- Loopscale has not disclosed whether user funds will be reimbursed or if insurance mechanisms will be activated.
Decentralized finance platform Loopscale confirmed on Friday that it had suffered a security breach resulting in the loss of approximately $5.8 million, affecting its USDC and SOL vaults. The amount represents around 12% of the total value locked (TVL) on the platform.
The Solana-based protocol said in a statement that the exploit was caused by a flaw in the pricing mechanism for RateX-based collateral. “The root cause of the exploit has been identified as an isolated issue with Loopscale’s pricing of RateX-based collateral,” the team posted on X. An investigation is underway to determine how the breach occurred and whether the stolen funds can be recovered.
“Our team is fully mobilized to investigate, recover funds, and ensure users are protected,” co-founder Mary Gooneratne wrote on social media, assuring users that safeguarding assets remains the team’s top priority.
Loopscale, previously known as Bridgesplit, first entered the decentralized finance space after raising $4.25 million in 2021. Investors included major industry players such as Solana Labs and Coinbase Ventures. Initially focusing on NFT-based yield products, the project later shifted toward a lending model distinct from traditional pool-based platforms like Aave or Solend.
Security had been a known concern even before the launch. Earlier this year, a security audit conducted by blockchain auditing firm OShield uncovered multiple critical vulnerabilities. According to Loopscale’s public documentation, these issues were addressed ahead of the platform’s launch in April. A second audit by Sec3 is reportedly ongoing.
Loopscale has not disclosed whether user funds will be reimbursed or if insurance mechanisms will be activated. During the launch time, Loopscale was advertised as a stand-alone protocol as it leveraged an order book architecture to execute loans by directly matching lenders and borrowers with fixed rates, while others use a pool-based model.
The latest development comes amid a PeckShield report which revealed that over $1.63 billion in crypto was stolen during the first quarter of 2025.
