Solana’s Loopscale Suspends Lending After $5.8M Exploit
Key Takeaways:
- On April 26, 2025, Loopscale paused its lending markets after attackers drained roughly $5.8 million, representing about 12% of its total value locked.
- The exploit leveraged an undercollateralization vulnerability by manipulating the on-chain price feed for the RateX PT token.
- Repayments, collateral top-ups, and position closures are now permitted, but withdrawals remain disabled while investigations continue.
- This incident highlights the importance of robust oracle architectures, multi-layer audits, and on-chain insurance mechanisms in DeFi.
Loopscale launched in early April 2025 as a novel Solana-based DeFi protocol, offering order-book matching for lenders and borrowers instead of conventional liquidity pools. By mid-April, the platform had attracted over 7,000 users and amassed nearly $40 million in deposits across USDC and SOL vaults. Its innovative design aimed to deliver tighter spreads and more transparent loan terms, including options for undercollateralized borrowing—an uncommon feature in DeFi at the time. Despite undergoing security reviews, Loopscale’s rapid rollout left little room for extensive stress testing under adversarial conditions.
Attacker deployed a malicious program via Loopscale
Sequence of the Undercollateralized Exploit
On the afternoon of April 26, a coordinated attacker executed a series of transactions that exploited a flaw in the collateral valuation mechanism:
- Oracle Manipulation: The attacker depressed the reported value of the RateX PT token by injecting skewed pricing data.
- Debt Creation: With the token undervalued, the protocol permitted loans with insufficient collateral backing.
- Asset Drain: The attacker drained both USDC and SOL vaults in rapid succession, withdrawing assets far beyond safe collateral thresholds.
This multi-step approach allowed the hacker to borrow and withdraw approximately 5.7 million USDC and 1,200 SOL (totaling $5.8 million) before the system administrators could intervene.
Immediate Remediation Measures
Following detection of abnormal price swings and unusually large withdrawal requests, the Loopscale team enacted emergency protocols:
- Market Suspension: All new lending and vault withdrawal functions were immediately frozen.
- Selective Reinstatement: Users have been allowed to repay outstanding loans, add collateral, and close positions (“loop closing”), helping prevent further debt accumulation.
- Audit and Forensics: Smart contract logs and transaction histories are under intensive review by both in-house engineers and external security specialists.
While these steps have curtailed additional losses, full withdrawal functionality remains offline pending a thorough vulnerability assessment and patch deployment.
Technical Analysis of the Vulnerability
At the exploit’s core lay a classic oracle attack combined with an undercollateralization bug:
- Price Feed Reliance: The protocol calculated collateral requirements using a single, time-point price feed sourced from a liquidity pool.
- Manipulation Window: By deploying a flash loan strategy to buy or sell large amounts of RateX PT just before loan initiation, the attacker created a temporary price discrepancy.
- Unchecked Collateral Logic: The smart contract did not incorporate time-weighted average pricing or multi-source aggregation, allowing it to accept manipulated values instantly.
Absent safeguards such as TWAP or multi-oracle checks, the pricing module misjudged collateral value and inadvertently authorized unsecured debt issuances.
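The TWAP and multi-source checks named above, sketched in Rust as an added example (not Loopscale's code and not part of the original article). The function names, the 200 bps tolerance and every price are constructed assumptions; the guard rejects a spot price that deviates from the window average in either direction.

```rust
// Added example: constructed prices and hypothetical names, not Loopscale's code.
// Prices are integers in micro-USD per token (6 decimals); no floating point.

#[derive(Debug, PartialEq)]
pub enum PriceError { NoData, SpotDeviatesFromTwap, SourcesDisagree }

/// One pool observation: `price` held for `secs` seconds.
pub struct Obs { pub price: u64, pub secs: u64 }

/// Time-weighted average price over the observation window.
pub fn twap(window: &[Obs]) -> Option<u64> {
    let total: u128 = window.iter().map(|o| o.secs as u128).sum();
    if total == 0 { return None; }
    let weighted: u128 = window.iter().map(|o| o.price as u128 * o.secs as u128).sum();
    Some((weighted / total) as u64)
}

/// True when `a` differs from `b` by at most `max_bps` basis points of `b`.
fn within_bps(a: u64, b: u64, max_bps: u64) -> bool {
    a.abs_diff(b) as u128 * 10_000 <= b as u128 * max_bps as u128
}

/// Price for collateral valuation: the TWAP, accepted only when the current
/// spot and the median of independent feeds both agree with it.
pub fn guarded_price(spot: u64, window: &[Obs], feeds: &[u64], max_bps: u64)
    -> Result<u64, PriceError>
{
    let avg = twap(window).ok_or(PriceError::NoData)?;
    if !within_bps(spot, avg, max_bps) { return Err(PriceError::SpotDeviatesFromTwap); }
    let mut sorted = feeds.to_vec();
    sorted.sort_unstable();
    let median = *sorted.get(sorted.len() / 2).ok_or(PriceError::NoData)?;
    if !within_bps(median, avg, max_bps) { return Err(PriceError::SourcesDisagree); }
    Ok(avg)
}

/// Collateral value in micro-USD for `amount` whole tokens at `price`.
pub fn collateral_value(amount: u64, price: u64) -> u128 { amount as u128 * price as u128 }

fn main() {
    // Constructed window: 1.00 USD for 595 s, then a 5 s swing to 0.40 USD.
    let window = [Obs { price: 1_000_000, secs: 595 }, Obs { price: 400_000, secs: 5 }];
    let feeds = [1_001_000u64, 999_000, 1_000_500];
    println!("twap               = {:?}", twap(&window));
    println!("spot during swing  -> {:?}", guarded_price(400_000, &window, &feeds, 200));
    let ok = guarded_price(1_002_000, &window, &feeds, 200);
    println!("spot near the TWAP -> {:?}", ok);
    println!("1,000 tokens valued at {:?} micro-USD", ok.map(|p| collateral_value(1_000, p)));
}
```

A five-second swing moves the ten-minute average by only 0.5%, so a valuation based on the average barely changes while the momentary spot reading is refused outright.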
Market and Ecosystem Consequences
The exploit triggered margin calls across interconnected Solana lending platforms as cascading liquidations drove SOL and USDC prices down on decentralized exchanges. Investor confidence in emergent DeFi projects eroded, leading to more restrictive capital flows, heightened regulatory scrutiny, and intensified examination of security audits. These developments underscored that innovative protocol design, no matter how compelling, cannot replace comprehensive security measures when managing substantial assets, reinforcing the imperative for rigorous risk controls in decentralized finance.
The post Solana’s Loopscale Suspends Lending After $5.8M Exploit appeared first on CryptoNinjas.