Hacker in Talks to Return Stolen Funds from $5.8 Million Loopscale Exploit
The hacker responsible for a significant recent exploit that resulted in the theft of $5.8 million from Loopscale is currently engaged in discussions aimed at returning the stolen funds. This news comes directly from the decentralized finance (DeFi) protocol, Loopscale, which operates on the Solana blockchain.
The exploit occurred on April 26, when the attacker successfully pilfered approximately 5.7 million USDC and around 1,200 Solana (SOL) tokens. The scale of the theft prompted Loopscale to take immediate action, halting its lending markets in order to contain the fallout and assess the damage done to its platform.
In a surprising turn of events, the following day, the hacker sent a message through the Etherscan blockchain scanner, expressing a willingness to negotiate the return of the exploited funds in exchange for a bounty. Loopscale shared this communication via a post on the platform X (formerly Twitter), indicating that the hacker expressed interest in reaching a “white hat agreement.” This term is commonly used in cybersecurity, referring to ethical hackers who expose vulnerabilities for a reward rather than exploiting them for personal gain.
In the message, the hacker conveyed their intention to collaborate with Loopscale, stating, “We are agreeable to collaborating with you to reach a white hat agreement. However, we would like to negotiate the bounty percentage; our expectation is 20%.” They added that to demonstrate their commitment to a cooperative resolution, they would return 5,000 wrapped SOL (wSOL) immediately following the transmission of their message.
The discussions regarding the remaining funds are ongoing, as evidenced by the public exchanges on Etherscan. This situation raises questions about the efficacy of such negotiations, especially in the context of the broader cryptocurrency space, where bounty agreements are sometimes employed to help recover stolen assets. Nonetheless, data indicates that such efforts have yielded limited success. Out of the staggering $1.6 billion in cryptocurrency stolen during the first quarter of 2025, only a minuscule fraction has been successfully recovered.
The implications of the Loopscale exploit are significant, particularly as it impacted the protocol’s USDC and SOL vaults. According to Mary Gooneratne, co-founder of Loopscale, the losses incurred from the exploit represented around 12% of the total value locked (TVL) in the platform. This figure underscores the severity of the incident and the potential long-term ramifications for the DeFi sector.
In the immediate aftermath of the hack, Loopscale temporarily paused all lending activities. However, the protocol has since taken steps to resume some functions, announcing that it has re-enabled loan repayments, as well as the ability to top up accounts and close existing positions. Despite this progress, several key features, including vault withdrawals, remain temporarily restricted while the platform undertakes thorough investigations into the exploit and works to devise effective mitigation strategies.
Loopscale is relatively new to the DeFi landscape, having launched just a couple of weeks prior to the exploit on April 10. It aims to enhance capital efficiency by facilitating direct matches between lenders and borrowers, offering a more streamlined approach to lending. In addition to standard lending services, Loopscale also provides specialized markets for structured credit, receivables financing, and undercollateralized lending, as indicated in an earlier announcement shared with industry media.
This incident encapsulates the ongoing challenges faced by DeFi protocols in ensuring security and integrity while managing the balance between innovative financial products and potential vulnerabilities. As the discussions between Loopscale and the hacker continue, the outcome may set a precedent for how similar situations are handled in the future, both in terms of negotiation practices and the enforcement of security measures across the DeFi sector.
As the cryptocurrency world continues to evolve and mature, instances such as the Loopscale exploit will undoubtedly serve as critical learning points for developers and users alike, highlighting the necessity for robust security practices in a decentralized financial ecosystem. The possibility of a resolution through collaborative negotiation reflects a nuanced approach to the complex and often volatile relationship between security and innovation in the realm of digital finance.