Loopscale Recovers Nearly Half of Stolen Funds in DeFi Hack Bounty Talks

Last weekend's massive exploit on the DeFi protocol Loopscale has taken a significant turn for the better, as nearly half of the stolen funds have been recovered. The $5.7 million hack, which occurred on April 26, saw attackers manipulate Loopscale's RateX PT token pricing functions to drain approximately $5.7 million in USDC and 1,200 Solana (SOL) from its USDC and SOL vaults.

The exploit had a significant impact on the platform, with nearly 12% of its total funds being stolen from just vault depositors, leaving borrowers and loopers unaffected. However, Loopscale's team has shown resilience in the face of this challenge, engaging in white hat negotiations with the attacker to recover some of the lost funds.

A Glimmer of Hope: Bounty Talks Progress

In an April 29 update posted to X, Loopscale confirmed that approximately 19,463 Wrapped SOL (WSOL) worth roughly $2.88 million have been returned to its wallets since April 28. The first two returns included 10,000 WSOL (~$1.48 million) and 4,463 WSOL (~$660,000), following an earlier recovery of 5,000 WSOL (~$740,000).

"Our pursuit of an amicable resolution regarding Saturday's incident continues to make progress," the team wrote in their update.

The Bounty Offer: A Path to Recovery

On April 27, Loopscale's team sent an onchain message to the exploiter, offering them a 10% bounty and a full release of liability in exchange for the return of 90% of the stolen funds. The team warned that if no agreement were reached within 24 hours, it would contact law enforcement.

At 3:52 pm Eastern Time on April 28, Loopscale announced it had received a response from the exploiter, who indicated willingness to negotiate a return in exchange for a bounty. This development marks a significant step forward in the recovery efforts and suggests that white hat negotiations are yielding positive results.

A Glimmer of Hope for DeFi Recovery

While recoveries are not very common in decentralized finance, there have been more instances of successful fund returns as of late. The recent incident involving Ethereum-based lending protocol Term Finance is a notable example, where the team recovered $1 million of the $1.6 million lost in an incident involving a misconfigured oracle on its Treehouse (tETH) market.

In the first quarter of 2025, hackers stole more than $1.6 billion worth of crypto from exchanges and onchain smart contracts, blockchain security firm PeckShield said in an April report. More than 90% of those losses are attributable to a $1.5 billion attack on Bybit, a centralized cryptocurrency exchange, by North Korean hacking outfit Lazarus Group.

A Path Forward for Loopscale

The recovery of nearly half of the stolen funds is a significant victory for Loopscale and its users. While the road to full recovery may be long and arduous, the team's persistence and engagement with white hat hackers offer hope for a more positive outcome.