Loopscale has deep dived on recovering funds that were stolen in an exploit on April 26, with $5.8 million successfully recovered thus far. The settlement agreement The company announced that all user funds have been refunded, a big step in recovering from the hack. As part of the deal, the hacker was awarded a whitehat bounty in return for their immunity.
The exploit exploited an unchecked reading of Loopscale’s pricing calculation for RateX PT tokens. Due to this vulnerability, the malicious actor was able to drain 5.7 million USDC and 1,200 SOL from USDC and Solana vaults.
Loopscale stopped its markets as soon as it detected the exploit. To mitigate damage, the company seemed to react quickly by contacting the hacker with an on-chain message. They even introduced a Congressional resolution, calling for the return of 90% of the stolen assets. Loopscale incentivized the attacker with a 10% reward, which would be worth approximately 3,947 SOL. They agreed not to sue if the money was repaid.
At 3:30 AM EST on April 28, the remaining 19,999 SOL was sent back to a Loopscale wallet, marking the full recovery of the stolen funds. Loopscale’s co-founder, Mary Gooneratne, thanked the crypto community for their support.
"More details to come, but I, and the entire team, are deeply thankful for the support and help we’ve received from the ecosystem over the past 72 hours." - Mary Gooneratne
"This resolution would not have been possible without the collaboration and efforts of so many others." - Mary Gooneratne
Loopscale credited the rapid and huge response from the Solana and larger crypto community with helping to win the day. The company has committed to releasing a full post-mortem in the coming days to provide more details about the exploit and the recovery process.
