- Loopscale, a Solana-based lending platform, lost $5.8M (12% of TVL) in a sophisticated hack targeting RateX-based collateral pricing.
- Despite prior audits, vulnerabilities remained; Loopscale paused key operations but has cautiously reopened some services.
- The platform, recently rebranded from Bridgesplit, had promised more stable lending through an order book model.
Solana-based lending platform Loopscale suffered a devastating exploit this weekend, losing over $5.8 million, roughly 12% of its total value locked (TVL), in a sophisticated attack that exploited vulnerabilities in one of its collateral pricing mechanisms.
The breach, confirmed late Saturday, targeted RateX-based collateral pricing, an isolated component within Loopscale’s lending infrastructure. “The root cause of the exploit has been identified as an isolated issue with Loopscale’s pricing of RateX-based collateral,” the Loopscale team announced on X (formerly Twitter). “An active investigation is underway to determine how this vulnerability was introduced, who is responsible, and how we can most effectively pursue fund recovery.”
Launched just earlier this month on April 10, Loopscale was initially known to the crypto community as Bridgesplit, a startup that raised $4.25 million in venture capital during 2021 from backers including Solana Labs, Coinbase Ventures, and others. Bridgesplit had initially pitched an NFT-based yield generation product but rebranded to Loopscale to focus on order book-based lending, an alternative to the traditional pool-based models used by DeFi giants like Aave and Solend.
By relying on an order book system, Loopscale promised users more predictable loan terms and a reduction in the interest rate volatility that plagues many variable-rate lending protocols.
Solana Faces New DeFi Crisis as Loopscale Suffers Major Hack
Despite being subject to an audit earlier this year by blockchain security firm OShield, which flagged and helped fix several critical vulnerabilities, Loopscale still found itself vulnerable. Its FAQ stated that “all critical and high-risk issues identified have been fixed” and that an additional audit by Sec3 was ongoing at the time of the attack.
“We are fully mobilized to investigate the incident, recover the stolen assets, and protect our community,” wrote Mary Gooneratne, co-founder of Loopscale, in a statement on X.
Following the exploit, Loopscale temporarily paused several key functions on its platform to contain the damage. However, by Saturday evening, it had cautiously reopened services, allowing loan repayments, collateral top-ups, and loop closing, in an effort to stabilize the platform and reassure its user base.
This latest attack adds to an already grim tally of 2025 DeFi hacks, with the sector bleeding hundreds of millions of dollars in losses. It follows February’s record-breaking $1.46 billion Bybit hack, as well as recent exploits impacting KiloEX (oracle manipulation leading to a $7 million loss), Solana-based projects, and Infini, a stablecoin neobank that suffered a staggering $49 million breach.
The Loopscale incident underscores a growing concern: even newly launched, audited DeFi platforms remain vulnerable to attack vectors, and the race between security protocols and hackers is far from over.
As the crypto community demands better transparency and more rigorous security standards, all eyes are now on how Loopscale manages its response and whether it can recover both the stolen funds and user trust in the volatile months ahead.
Related | Bitcoin, Solana, Ethereum: institutional FOMO ignites crypto markets with record ETF inflows