Loopscale, a decentralized finance (DeFi) protocol on Solana, lost $5.8 million to an exploit this past weekend. The exploit was detected on April 26, just a couple weeks after project’s launch on April 10. Loopscale, which is the successor to Bridgesplit, initially as NFT-based yield products.
Attackers exploited a vulnerability in Loopscale’s lending markets. This breach resulted in the loss of approximately 5.7 million USDC and 1,200 Solana (SOL). After the attack, Loopscale shut down its lending operations temporarily.
Loopscale has since reopened loan repayments, top-ups, and loop closings. But vault withdrawals and other app features remain suspended on the platform as investigations into the matter continue.
Importantly, Loopscale completed a security audit by security firm OShield earlier this year. Through the audit, numerous high priority vulnerabilities were found, all of which Loopscale promptly fixed by correcting all major issues identified by OShield. Beyond the OShield audit, a second audit by Sec3 is currently in progress for Loopscale.
The exploit unfortunately reminds us all of the fragility and insecurity that DeFi protocols inherently assume, even when they have been audited. This recent attack sheds a light on the need for ongoing monitoring and proactive security measures in the quickly-changing world of DeFi.
The Loopscale team is still on the ground, determining the full scope of the devastation. They’re putting in place automatic protections to ensure that this doesn’t ever happen again. They are working with security experts to analyze and help resolve the exploit. The Solana community is in turn supporting their efforts to get these stolen funds back.
