agreement with hacker, funds returned with a 10% bounty

The Loopscale hack of 5.8 million dollars surprisingly ended with the return of the funds by the hackers, thanks to an agreement that grants them a 10% bounty. 

The decentralized finance (DeFi) platform announced the news in a post on X on April 28.

What happened to the Loopscale protocol? All the details of the agreement with the hackers 

On April 26, 2025, the Loopscale platform was the victim of a cyber attack that exploited a vulnerability in the pricing system of the RateX PT token. 

Through this manipulation, the hackers managed to steal approximately 5.7 million dollars in USD Coin and 1,200 Solana (SOL) tokens directly from the dedicated vaults.

The attack forced Loopscale to immediately suspend all operations on the markets and limit withdrawals from the vaults, focusing on investigating the breach. 

It is important to emphasize that, according to the official communication from the platform, the collateralization mechanism via RateX was not compromised, and the damage affected exclusively the depositors of the USDC and SOL vaults.

The day after the attack, on April 27, 2025, Loopscale made a public proposal to the authors of the hack: return 90% of the stolen assets in exchange for a bounty equal to 10% of the loot. 

In total, the offer included 3,947 SOL for the hackers, while the remaining 35,527 SOL would be recovered and returned to the affected depositors.

The proposal also included complete immunity from any legal actions, provided that the agreement was adhered to punctually. The hackers had until April 28 at 6:00 AM EST to accept the offer.

This approach is increasingly common in the world of criptovalute.

Many platforms indeed prefer to deal directly with the perpetrators of the thefts, classifying them as white-hat hacker (ethical hackers) in exchange for the return of the funds and valuable information about the vulnerability exploited.

A few hours before the deadline, the authors of the Loopscale hack accepted the agreement. Loopscale, in its post on X, thanked the hackers for choosing “a friendly resolution” of the incident.

In the coming days, the platform has promised to provide updates on:

• – The resumption of withdrawal operations from the vaults;
• – A detailed analysis of the incident (“post-mortem report”).

This moment will be crucial to strengthen the community’s trust, still shaken by one of the most significant thefts of 2025 up to this point.

Broader Implications for DeFi Security

The case of Loopscale is part of an alarming trend: the DeFi sector has suffered losses of over 1.6 billion dollars due to hacks in the first quarter of 2025 alone, making it the worst ever recorded to date.

Other relevant attacks this year include:

• – The theft of 572,000 dollars suffered by the SIR.trading platform;
• – The exploit of 5 million dollars against ZKSync;
• – The 7 million dollar attack on the KiloEx protocol.

These numbers highlight a growing vulnerability of the DeFi ecosystem despite the efforts of development teams and communities to improve security.

With the return of almost all the funds, Loopscale now faces a dual challenge: restoring operations and, above all, regaining the trust of the users. 

Investors will watch closely:

• – To the transparency of future communications;
• – Strengthening of the code auditing procedures;
• – To the implementation of more robust protection systems against price manipulation.

Although the platform specified that the collateralized system RateX was not affected, the focus will be on correcting any pricing vulnerabilities that could be exploited again.

Conclusions: a relevant precedent for DeFi

The management of the Loopscale hack establishes an interesting precedent for the DeFi sector. The compromise between the return of the funds and granting a bounty to the hackers shows a pragmatic way to minimize losses without initiating long, costly, and often inefficient legal battles.

However, this method also raises important questions about deterrence for future attacks: does considering hackers as remunerated collaborators risk incentivizing new offensives?

For now, Loopscale promises a safer and more proactive approach to user protection. 

The DeFi community will need to closely observe the evolution of this matter to understand if such strategies can truly reduce systemic risks or if they merely represent a temporary solution.