Loopscale has successfully recovered $5.8 million in funds stolen during an April 26 exploit, following negotiations with the attacker. 

The decentralized finance protocol announced that all user deposits have been returned, with the hacker accepting a whitehat bounty in exchange for immunity.

The exploit stemmed from a vulnerability in Loopscale’s pricing mechanism for RateX PT tokens, which allowed the attacker to drain 5.7 million USDC and 1,200 SOL from the USDC (USDC) and Solana (SOL) vaults. Other users, including borrowers and loopers, were not affected.

“More details to come, but I, and the entire team, are deeply thankful for the support and help we’ve received from the ecosystem over the past 72 hours,” Mary Gooneratne, co-founder of Loopscale, said. “This resolution would not have been possible without the collaboration and efforts of so many others.”

10% bounty

Loopscale halted its markets immediately after detecting the exploit and contacted the hacker through an on-chain message, offering to resolve the situation in exchange for the return of 90% of the stolen assets. 

In return, the platform offered the attacker a 10% bounty—approximately 3,947 SOL—and agreed not to pursue legal action if the funds were returned.

The hacker responded positively within the 24-hour deadline. At 3:30 AM EST on April 28, the remaining 19,999 SOL was sent back to a Loopscale wallet, marking the full recovery of stolen funds. 

Loan repayments and loop closing were re-enabled shortly after the breach, but vault withdrawals remain paused pending further investigation.

Loopscale has committed to releasing a full post-mortem in the coming days and praised the Solana and broader crypto community for their support.