Loopscale is a lending and borrowing protocol on the Solana blockchain, which went mainnet on April 10, 2025, and recently lost $5.8M to a Price Manipulation Attack.
On April 26, 2025, at 15:28 UTC, the initial attack occurred, followed by subsequent attacks to drain the protocol lending vault. The loss comprised around 12% of the protocol’s TVL. The analysis covers the hack details, how it happened, the attack flow, and the funds lost.
Hack Analysis and Its Impact
Loopscale is an orderbook-based lending protocol that also offers leveraged lending positions to users called “Loop”. Loopscale supports a wide range of assets, including staked tokens, LP positions, and more.
The root cause of the attack was tied to the protocol’s pricing mechanism. Initially, the attacker deployed the program (BdADVdaAdDbFo85EP2ynEanQQMDDJgPyTZmAKtaHKRbK) to manipulate how Loopscale vault system prices the Rate X PT tokens.
Using the mispriced tokens, the attacker then borrowed a series of loans that were backed by poor collateral (undercollateralized loans). Though it is important to note that the issue was with how Loopscale priced the RateX PT tokens and not the RateX itself.
Fund Flow Post Attack
Attacker Wallets
4QsqugQcrCuSVzU9WjeLDoR6HaaSZtMEZr5JCyxwHgCV (Loopscale Exploiter 1)
C1QyPYoWQiueqhtLeaG5Nhkv1LJ8oweBNCbfGJ3LprYT (Loopscale Exploiter 2)
0xc9d30E520Af584d0867FfC71DE162f1C09987Fe8 (EVM Wallet of Attacker)
Relevant Transactions/Signatures
3LcknBmavGUAMJvNMAc5xwsLqFaKs3vfguWsoTNYzpBv76B4ChiagitSHogpdMwWZpuKDV3a62uT4wXn2SvLZvGP
55dmSjy4Whjfqbfp8LwRduzTwz1fDeLu6aj8STqDXeiezZneNJwr2XiX3Qy7yWb2G2DL3d991ACD6sejNkQ7eH5Q
Initially, the USDC stolen was swapped with SOL and transferred to another wallet of the hacker.
Once the funds were swapped in SOL, the funds were bridged through Wormhole which were frozen later.
Return of Funds and Team Response
The team was quite active while blocking and tracing the funds. The team managed to contact the attacker, and after successful negotiations, the team was able to retrieve all the funds, including ~5.7M in USDC and 1,211 SOL, according to their tweet.
How the Hack Could Have Been Prevented?
The attacker manipulated the pricing logic of the protocol vault which led to siphoning of the funds from USDC and SOL vaults. A better pricing mechanism for the PT Tokens could have been a better approach here.
The protocol can use TWAP (Time-Weighted Average Price) for pricing assets to prevent such vulnerabilities.
Conclusion
Loopscale is a lending and borrowing protocol live on Solana, which got hit by a Price Manipulation Attack after 2 weeks of going live on Mainnet.
DeFi protocols are getting fairly complex. In the case of Loopscale, they have implemented leveraged lending products for the users to amp up the yields. With the increasing complexity, it is important to keep the security ahead and get robust audits done.
At QuillAudits, we make sure your smart contracts are fit to hit the mainnet with our 7 years of expertise & 1400+ audits. We also provide the auditing service for Solana-based Smart Contracts.
