The decentralized finance (DeFi) space is rapidly expanding, providing exciting new financial opportunities while bringing with them new security risks. In July, Loopscale, a lending platform, was recently targeted in an undisclosed attack. As a consequence, they lost an estimated $5.8 million worth of assets. This unfortunate incident serves to illustrate the dangers that are inherently associated with DeFi. It further highlights the importance of robust security practices. MetaBlock X is here to assist you in overcoming challenges as you navigate the evolving crypto landscape. We equip you with the knowledge and confidence to make that happen safely.

This article will delve into the Loopscale exploit. It details the technical vulnerability, shares how it has immediately impacted users, and explains what Loopscale is doing to recover and protect against future attacks. It offers actionable advice for DeFi users on assessing risk and protecting their assets in light of increasing exploits.

Understanding the Loopscale Exploit

The Technical Vulnerability

The Loopscale exploit was primarily focused on an oracle manipulation vulnerability that affected the platform’s loan collateral pricing based on RateX. RateX, an off-market pricing feed or mechanism, could no longer be used to misstate the real value of the collateral used to back loans. This mismatch can have serious fiscal consequences. This concentrated loophole sent an attacker to withdraw under-collateralized loans. The attacker drained the system by borrowing more assets than the value of their provided collateral. This move was very much a tipping of the scales, or in effect, breaking the system.

We were able to determine the main cause of the exploit. This was due to a bug in Loopscale’s pricing of RateX-based collateral that allowed an attacker to borrow in under-collateralized fashions. This glaring technical shortcoming underscores the fundamental need for precision and reliability in pricing mechanisms within DeFi lending platforms. Without accurate valuation of collateral, the whole system is ripe for bad actors to game the system.

Immediate Impact on Users and the Platform

The impact of the exploit was immediate and massive. Based on Loopscale’s funds lost so far—with an attacker having previously siphoned 5.7 million USDC and 1,200 SOL from Loopscale’s vaults. Generating over $1M an hour, this significant drain of capital prompted widespread alarm among users and the larger DeFi community.

The exploit only affected Loopscale’s USDC and SOL vaults, which account for about 12% of the platform’s total value locked (TVL). Though the breach was contained to certain vaults, this loss still affects approximately 12% of Loopscale’s total value locked (TVL). This should give any enterprise serious pause regarding the security underpinnings of new decentralized finance platforms. In retaliation, Loopscale did everything it could to quickly safeguard its users and resume operations. They took emergency action to close their predatory lending markets to prevent ongoing abuse. This enabled them to perform a deep dive into the vulnerability.

Loopscale's Response and Recovery Efforts

Loopscale is now implementing multiple steps to fix the damage from the exploit and mitigate future attacks. The team, headed by co-founder Mary Gooneratne, has a proven record of investigating, recovering funds and putting users back in control of their information.

Loopscale paused its lending markets in order to ensure user safety and eventually resume normal operations. The winning team is already working with security companies and law enforcement departments. Collectively, as these two teams, they’re probing the exploit and hunting down the hacker. On Saturday, Loopscale disabled certain features of the site while they determined what occurred. Later that evening they switched back on loan repayments, top-ups and loop closing. Additionally, Loopscale has been fully audited and is undergoing further audits to ensure nothing like this can ever happen again. Through the extensive investigation, we believe we have found the root cause of the exploit. This has originated from a specific bug with Loopscale’s pricing of RateX-based collateral, and we have patched the issue.

DeFi Security: Lessons Learned and Actionable Advice

The Loopscale exploit is not the only example of the security risks plagueing the DeFi space. The Mango Markets attack, the Ronin bridge hack, and the Tornado Cash governance attack are some recent high-profile examples. They serve as a reminder of the vast spectrum of vulnerabilities that attackers can exploit. In order to operate successfully in this new landscape, DeFi users must be empowered to be proactive in their risk assessment and safeguarding their assets.

Common DeFi Security Risks

  • Oracle Manipulation Risk: The Mango Markets attack in October 2022 showed that price oracles used for low liquidity tokens can be easily manipulated, highlighting the need for robust oracle security.
  • Bridge Security Risk: The $650 million hack of Axie Infinity's Ronin bridge demonstrated the importance of ensuring bridge security to prevent significant losses.
  • Reentrancy Attack Risk: Reentrancy attacks, such as those possible in Solidity contracts, can lead to significant losses if not properly mitigated.
  • Governance Attack Risk: The Tornado Cash governance attack, where a malicious entity gained control over the project, highlights the need for secure governance mechanisms.
  • Slippage Risk: Slippage in token pools on decentralized exchanges can result in significant losses if not properly managed.

Protecting Your DeFi Assets: Actionable Steps

Here are some actionable steps DeFi users can take to mitigate risk and protect their assets:

  1. Understand the technology behind DeFi: Having a solid grasp of how DeFi works is the first line of defense. This includes understanding concepts like smart contracts, decentralized exchanges, and lending protocols.
  2. Use multi-signature wallets: Multi-signature wallets offer an additional layer of security and protection for DeFi assets through a collaborative authentication process.
  3. Conduct comprehensive security audits and code reviews: Critical to identifying and addressing potential vulnerabilities within DeFi platforms and protocols.

By understanding these risks and taking proactive steps to mitigate them, DeFi users can navigate the crypto landscape with greater confidence and control. MetaBlock X gives you the information and resources you need to get started. With our help, thrive in the fast-paced world of decentralized finance and beyond!