Loopscale, a decentralized finance (DeFi) lending protocol on Solana, temporarily halted its lending markets after an exploit. On April 26, hackers stole around 5.7 million USDC and 1,200 Solana by taking out undercollateralized loans. The attack impacted only Loopscale’s USDC and SOL vaults, resulting in a loss of about 12% of the platform’s total value locked (TVL). The protocol has since resumed loan repayments, top-ups, and loop closings, but other functions like Vault withdrawals remain restricted during the investigation.
Loopscale’s team, led by co-founder Mary Gooneratne, is working to recover funds and mitigate the exploit’s effects. The platform’s lending model, which was launched in April 2025 after a six-month beta, is designed to enhance capital efficiency by directly matching borrowers and lenders. Loopscale distinguishes itself with an order book model, unlike platforms like Aave that use liquidity pools for deposits. This model allows for specialized lending markets, including undercollateralized lending and structured credit.
The exploit comes amid a troubling rise in DeFi hacks. Blockchain security firm PeckShield reported over $1.6 billion in stolen crypto during Q1 2025, with over 90% of that from a North Korean attack on ByBit. In contrast, Loopscale has emphasized its commitment to user protection and fund recovery, reassuring its users that the exploit’s impact will be mitigated. Despite the hack, the protocol’s overall TVL stands at approximately $40 million, with over 7,000 active lenders.
The exploit underscores the vulnerabilities within the DeFi space, especially with newer protocols that employ unique lending models. Loopscale’s innovative lending approach, supporting diverse token pairs and high APRs on USDC and SOL vaults, has attracted significant interest from investors. However, the attack highlights the ongoing security challenges in decentralized finance, where even small vulnerabilities can lead to significant losses.
Reference:
