Loopscale hacker accepts bounty offer to return $5.8 million in USDC and SOL
3 min read
In a rare resolution in the crypto world, Loopscale announced on April 28 that the hacker responsible for its $5.8 million exploit agreed to return the majority of the stolen assets in exchange for a 10% bounty. The agreement comes just two days after the hack, where attackers manipulated Loopscale’s RateX PT token pricing, draining the platform’s USDC and Solana vaults. The platform has committed to updating users on vault withdrawals and publishing a full post-mortem in the coming days. The incident, which forced Loopscale to suspend operations temporarily, highlights growing vulnerabilities within decentralised finance, at a time when crypto-related hacks are surging worldwide. Loopscale @LoopscaleLabs · Follow At 3:52PM ET today, we received a response from the exploiter. They have indicated a willingness to return the exploited funds in exchange for a bounty.We appreciate their engagement so far and we are actively working to reach an amicable resolution.As such, we will be 5:54 AM · Apr 28, 2025 199 Reply Copy link Read 40 replies Hacker accepts bounty after Loopscale breach Loopscale, a decentralised finance platform, was hacked on April 26, losing approximately $5.7 million in USD Coin (USDC) and 1,200 Solana (SOL) after its pricing mechanism for the RateX PT token was manipulated. This directly impacted depositors in the USDC and SOL vaults, forcing Loopscale to suspend all vault withdrawals and freeze its markets while the breach was under investigation. According to the platform, no issues were found with the RateX collateral system itself. The vulnerability only affected vault depositors, with no impact on other operations. Following the attack, Loopscale proposed a settlement to the hacker on April 27, offering a 10% bounty—equivalent to 3,947 SOL—if the hacker returned the remaining 90% of stolen funds, or 35,527 SOL. The proposal also included immunity from legal consequences. The hacker was given until Apr. 28 at 6 AM EST to respond, and they agreed within the deadline. Loopscale thanked the hacker publicly and promised to resume withdrawals once the recovered funds were secured. Crypto security concerns grow after exploit The Loopscale incident adds to a growing list of security concerns facing the cryptocurrency industry. In Q1 2025 alone, over $1.6 billion was stolen in various attacks, making it the worst quarter on record for crypto security breaches. The trend appears to be continuing into Q2 2025, with several notable hacks already reported. Among these, decentralised trading platform SIR.trading suffered a $572,000 theft, ZKSync faced a $5 million exploit, and KiloEx lost $7 million in an attack. Each case has contributed to rising fears over vulnerabilities in decentralised finance platforms and exchanges, particularly regarding price manipulation attacks similar to what affected Loopscale. The combination of massive losses and increasingly sophisticated attacks has intensified calls for more robust security standards across decentralised platforms. Experts suggest that platforms must strengthen oracle systems, conduct regular audits, and introduce dynamic risk controls to address loopholes like the one exploited in Loopscale’s RateX PT token pricing. Vault withdrawals and post-mortem coming soon Following the hacker’s agreement to the bounty, Loopscale announced plans to soon resume vault withdrawals for impacted users. The platform has also pledged to release a detailed post-mortem report on the exploit. The post-mortem is expected to clarify how the RateX PT pricing system was manipulated, what specific vulnerabilities were targeted, and what measures Loopscale will introduce to prevent future breaches. Early indications from the platform suggest that the root cause was limited to how vault deposit pricing was calculated, without affecting the broader RateX collateral system. As the crypto community awaits the full disclosure, Loopscale’s handling of the situation—from the whitehat bounty offer to securing the return of stolen funds—could serve as a case study for incident response strategies in decentralised finance. The episode underlines how critical it is for decentralised platforms to have contingency plans, clear communication protocols, and established bounty frameworks ready to deploy immediately after an attack, particularly given the scale of losses the industry continues to face in 2025. The post Loopscale hacker accepts bounty offer to return $5.8 million in USDC and SOL appeared first on Invezz
Source: Invezz
