Cyber Incident Victim: Loopscale
Date:
Apr 2025
Location:
—
Summary
Loopscale pausedits lending markets after a hacker drained about 5.7 million USDC and 1,200 SOL through a series of undercollateralized loans, resulting in losses of roughly $5.8 million. The team has since restored loan repayments, top‑ups and loop closing while keeping other functions, such as vault withdrawals, temporarily restricted during the investigation. The exploit affected only the USDC and SOL vaults, representing around 12% of the protocol’s total value locked. The protocol, launched after a closed beta, uses an order‑book model that matches lenders and borrowers directly and offers specialized markets including structured credit and receivables financing. Its main USDC and SOL vaults provide annual percentage rates above 5% and 10%, respectively, and it supports looping strategies for dozens of token pairs.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Loopscale was launched on April10 2025 after a six‑month closed beta as a decentralized finance lending protocol that uses an order book model to directly match lenders and borrowers, aiming to increase capital efficiency. The protocol reported approximately $40 million in total value locked and had attracted upwards of 7,000 lenders according to researcher OurNetwork. Its main USDC and SOL vaults offered annual percentage rates exceeding 5% and 10% respectively, and it also supported lending markets for tokens such as JitoSOL and BONK as well as looping strategies for over 40 different token pairs. On April 26 2025, Loopscale’s co‑founder Mary Gooneratne announced via an X post that the protocol had suffered an exploit in which a hacker siphoned roughly 5.7 million USDC and 1,200 SOL after taking out a series of undercollateralized loans. The exploit affected only the USDC and SOL vaults, resulting in losses of about $5.8 million, which represented around 12% of Loopscale’s total value locked at the time.
In response, Loopscale immediately re‑enabled loan repayments, top‑ups, and loop closing functions while keeping all other app features, including vault withdrawals, temporarily restricted to allow investigation and mitigation. The team stated it was fully mobilized to investigate the incident, recover the stolen funds, and ensure user protection. The protocol emphasized that the exploit did not impact any other assets or markets beyond the two affected vaults. This incident occurred amid a broader trend in the first quarter of 2025, during which blockchain security firm PeckShield reported that hackers stole more than $1.6 billion worth of crypto from exchanges and on‑chain smart contracts, with over 90% of those losses linked to a $1.5 billion attack on the centralized exchange ByBit carried out by the Lazarus Group.
Loopscale’s design distinguishes it from peers such as Aave by using an order book rather than pooled liquidity, and it markets itself as supporting specialized lending activities including structured credit, receivables financing, and undercollateralized lending. The protocol’s APRs for its primary vaults were highlighted as exceeding 5% for USDC and 10% for SOL, and it advertised the ability to facilitate looping strategies across numerous token pairs. Prior to the exploit, Loopscale had positioned itself as a capital‑efficient alternative in the Solana DeFi ecosystem, aiming to attract both retail and institutional participants seeking yield on their digital assets. The temporary restriction of certain functions reflects the protocol’s effort to balance user accessibility with security while the investigation continues.