# Solana's Loopscale Pauses Lending After $5.8M Hack

The DeFi lending protocol has restored loan repayments but some functionalities are still disabled.

The Solana decentralized finance (DeFi) protocol Loopscale has temporarily halted its lending markets after suffering an approximately $5.8 million exploit. On April 26, a hacker successfully siphoned approximately 5.7 million USDC (USDC) and 1200 Solana (SOL) from the lending protocol after taking out a “series of undercollateralized loans”, Loopscale co-founder Mary Gooneratne revealed in an X post.

The exploit only impacted Loopscale’s USDC and SOL vaults, resulting in losses that represent around 12% of Loopscale's total value locked (TVL). However, the protocol has since “re-enabled loan repayments, top-ups, and loop closing”, according to Gooneratne. Despite this, “[a]ll other app functions (including Vault withdrawals) are still temporarily restricted while we investigate and ensure mitigation of this exploit,” Loopscale said in an April 26 X post.

The incident highlights the growing threat of cyber attacks in the DeFi space, with hackers stealing more than $1.6 billion worth of crypto from exchanges and on-chain smart contracts in the first quarter of 2025 alone. According to a report by blockchain security firm PeckShield, more than 90% of those losses are attributable to a $1.5 billion attack on ByBit, a centralized cryptocurrency exchange, by North Korean hacking outfit Lazarus Group.

Loopscale is a DeFi lending protocol designed to enhance capital efficiency by directly matching lenders and borrowers. Launched on April 10 after a six-month closed beta, Loopscale's order book model distinguishes it from DeFi lending peers such as Aave that aggregate cryptocurrency deposits into liquidity pools. The protocol also supports specialized lending markets, including “structured credit, receivables financing, and undercollateralized lending”, according to an April announcement shared with Cointelegraph.

Loopscale’s main USDC and SOL vaults yield APRs exceeding 5% and 10%, respectively. It also supports lending markets for tokens such as JitoSOL and BONK (BONK) and looping strategies for upwards of 40 different token pairs. The DeFi protocol has approximately $40 million in TVL and has attracted upwards of 7,000 lenders, according to researcher OurNetwork.

In response to the exploit, Loopscale’s co-founder emphasized that “our team is fully mobilized to investigate, recover funds, and ensure users are protected.” The incident serves as a reminder of the importance of robust security measures in the DeFi space and the need for protocols like Loopscale to prioritize user protection and transparency.

#Update

In an updated statement on April 26, Loopscale reiterated its commitment to user safety and promised to provide regular updates on the situation. The protocol has also established a dedicated support channel for users affected by the exploit, providing them with assistance and guidance throughout the recovery process.

As the DeFi landscape continues to evolve, it is essential that protocols like Loopscale prioritize security, transparency, and user protection. With its order book model and specialized lending markets, Loopscale has established itself as a promising player in the DeFi space. However, incidents like this highlight the need for continuous improvement and vigilance to ensure the integrity of these platforms.