On April 26, 2025, the Solana-based DeFi lending protocol Loopscale suffered a $5.8 million exploit — about 12% of its $40M TVL — just 16 days after its April 10 launch. The attacker manipulated RateX PT token oracle pricing to take out undercollateralized loans. After negotiation, the attacker accepted a 10% bounty and returned all funds, resulting in zero user losses.
What happened
Loopscale's lending platform accepted various Solana DeFi tokens as collateral, including RateX PT tokens — Plasma Token wrappers used by RateX, a fixed-rate yield protocol. Loopscale's loan-pricing logic for PT tokens depended on oracle reads that derived prices from underlying RateX state.
The fatal flaw: the PT token pricing functions could be manipulated through specific call sequences that didn't trigger Loopscale's solvency checks. The attacker:
- Manipulated the RateX PT token oracle through state changes that affected the price-derivation logic.
- Deposited the manipulated-value PT tokens as collateral on Loopscale.
- Borrowed real assets (USDC, SOL) against the inflated collateral valuation.
- Walked away without repaying, leaving Loopscale with collateral worth less than the loans backed by it.
Total extracted: 5.7M USDC + 1,200 SOL = approximately $5.8M.
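A lender-side guard against the pattern described above, as an added Rust example (not Loopscale's or RateX's code). The reference price source, the names, and the thresholds are assumptions; it shows a borrow being rejected when a state-derived collateral price is stale or diverges from a slow-moving reference, and the loan being sized against the lower of the two prices.

```rust
// Added illustration: hypothetical names and thresholds, not Loopscale or RateX code.
const BPS: u128 = 10_000;
const PRICE_SCALE: u128 = 1_000_000; // prices carry 6 decimals

#[derive(Debug, PartialEq)]
pub enum Reject { StalePrice, PriceDeviation, Undercollateralized }

/// Price derived from the collateral token's on-chain state, with the slot it was read at.
pub struct Quote { pub price: u64, pub slot: u64 }

pub struct Guard { pub max_age_slots: u64, pub max_dev_bps: u64, pub ltv_bps: u64 }

impl Guard {
    /// Price to lend against: fresh, close to the reference, and never above it.
    pub fn collateral_price(&self, q: &Quote, reference: u64, now: u64) -> Result<u64, Reject> {
        if now.saturating_sub(q.slot) > self.max_age_slots {
            return Err(Reject::StalePrice);
        }
        let diff = (q.price as u128).abs_diff(reference as u128);
        if diff * BPS > reference as u128 * self.max_dev_bps as u128 {
            return Err(Reject::PriceDeviation);
        }
        Ok(q.price.min(reference))
    }

    /// Solvency check for a borrow (assumes ltv_bps <= 10_000); returns the new debt.
    pub fn check_borrow(&self, collateral: u64, q: &Quote, reference: u64, now: u64,
                        debt: u64, borrow: u64) -> Result<u64, Reject> {
        let price = self.collateral_price(q, reference, now)? as u128;
        let value = collateral as u128 * price / PRICE_SCALE;
        let limit = value * self.ltv_bps as u128 / BPS;
        let new_debt = debt.checked_add(borrow).ok_or(Reject::Undercollateralized)?;
        if new_debt as u128 > limit {
            return Err(Reject::Undercollateralized);
        }
        Ok(new_debt)
    }
}

fn main() {
    let g = Guard { max_age_slots: 25, max_dev_bps: 300, ltv_bps: 8_000 };
    // Constructed sample values: reference price 0.95, both quotes read at slot 1_000.
    let honest = Quote { price: 960_000, slot: 1_000 };
    let inflated = Quote { price: 1_900_000, slot: 1_000 };
    println!("{:?}", g.check_borrow(1_000_000_000, &honest, 950_000, 1_010, 0, 700_000_000));
    println!("{:?}", g.check_borrow(1_000_000_000, &inflated, 950_000, 1_010, 0, 700_000_000));
}
```

The guard only helps if every path that changes debt or collateral goes through `check_borrow`, which is the property the call sequences described above bypassed.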
Aftermath
- Loopscale paused all lending and withdrawal operations within hours.
- The team sent on-chain messages to the attacker offering a 10% bug bounty in exchange for prosecution immunity.
- The attacker accepted the offer and returned the stolen funds to Loopscale's recovery address.
- No user losses — operations resumed with patched PT oracle logic.
Why it matters
Loopscale's incident is a striking case study for how quickly a freshly-launched DeFi protocol becomes a target. The exploit occurred 16 days after launch, when:
- The protocol had accumulated ~$40M in TVL and 7,000+ lenders — enough capital to make the operation worthwhile.
- The codebase was still under active iteration, with new features being added regularly.
- The team's incident-response procedures had not been battle-tested in production.
The structural lessons:
- New protocols are disproportionately attacked in their first 30 days post-launch. The combination of fresh code, accumulating TVL, and immature incident response creates a high-value, low-defended target. Attackers explicitly monitor for this window.
- Oracle dependencies on relatively new tokens (like RateX PT) inherit the security properties of the underlying — the PT token's price-derivation logic was the actual attack surface, not Loopscale's lending math.
- The 10% bounty / 100% recovery outcome is increasingly the dominant settlement pattern for mid-size DeFi exploits. The economic logic for the attacker — bounty payment is risk-free, laundered funds are risky — pushes toward this resolution as long as the attacker is rational and unidentifiable.
Loopscale's response — immediate pause, transparent on-chain negotiation, full recovery within days — set a credible bar for how a small-team protocol can handle a serious incident without destroying user trust. The team's subsequent transparency about the technical root cause (publishing detailed post-mortems) has become standard practice for protocols that want to maintain credibility after an exploit.
Sources & on-chain evidence
- [01] cryptoninjas.net: https://www.cryptoninjas.net/news/solanas-loopscale-suspends-lending-after-5-8m-exploit/
- [02] halborn.com: https://www.halborn.com/blog/post/explained-the-loopscale-hack-april-2025
- [03] theblock.co: https://www.theblock.co/post/352083/solana-defi-protocol-loopscale-hit-with-5-8-million-exploit-two-weeks-after-launch