Loopscale Spoofed RateX Integration Unauthorized Loans
[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18]
About Loopscale
Loopscale is a modular, next-generation lending platform designed for the evolving landscape of on-chain assets. It allows users to borrow and lend virtually any type of digital asset — including LP tokens, staked assets, and memecoins — while maintaining efficient, low-risk, and transparent market conditions. Its primary focus is on creating flexible, secure lending environments with the best possible rates and reduced volatility.
"Loopscale is a modular, order book–based lending protocol on Solana. It enables overcollateralized borrowing and lending across a wide range of digital assets, including staked tokens, liquidity provider positions, and more specialized primitives.
By replacing pooled liquidity and algorithmic rates with direct order book matching, Loopscale improves capital efficiency, enables more precise risk management, and supports new types of markets that are difficult to achieve with traditional DeFi architectures."
Loopscale enhances portfolio utility by allowing users to use diverse assets as collateral. Borrowers benefit from features like lower interest rates, increased borrowing power, and protection from market rate fluctuations. On the lending side, users can define lending parameters, access fixed-rate leverage opportunities, and pursue higher yields via direct lending mechanisms. Additionally, professional strategy managers offer curated vaults through the platform to maximize returns with tailored risk profiles.
The platform boasted over $25 million borrowed and $36 million supplied as of May 8th, 2025.
The Reality
Loopscale smart contracts contained a vulnerability where non-Loop borrows using RateX collateral were not properly validated, allowing a malicious program to spoof pricing data and inflate collateral value to bypass loan health checks.
What Happened
Loopscale experienced a targeted exploit due to a validation gap in its integration with the RateX pricing program, allowing an attacker to manipulate token prices and take unauthorized loans.
| Date | Event | Description |
|---|---|---|
| April 26th, 2025 6:51:00 AM MDT | Attacker Funds Wallet | The exploiter funds their wallet via a ChangeNOW swap from Monero to Solana. |
| April 26th, 2025 9:37:00 AM MDT | Exploit Proceeds Withdrawn | The exploiter completes the withdrawal of their exploited 39,474.5 SOL. |
| April 26th, 2025 11:30:00 AM MDT | Loopscale Announces Exploit | Loopscale publishes an announcement on Twitter/X stating that, as of 11:30 AM EST, a manipulation of its RateX PT token pricing functions resulted in an exploit of approximately 5.7M USDC and 1,200 SOL from its USDC and SOL Vaults. The incident affects around 12% of total protocol funds and is limited to vault depositors, with borrowers and loopers unaffected. All markets have been temporarily paused, and the team is actively working to restore repayment functions, coordinate with law enforcement and security experts, and recover the stolen assets. A full technical post-mortem will follow. |
| April 27th, 2025 4:12:11 AM MDT | Loopscale Reaching Exploiter | Loopscale sends the exploiter a formal message offering a whitehat agreement in response to the recent exploit. The team acknowledges the vulnerability in the pricing system and states they are working with law enforcement, security firms, exchanges, and bridges to track and freeze the stolen funds. They propose that if 90% of the exploited funds (35,527 SOL) are returned within 24 hours, the exploiter may keep 10% (3,947 SOL) as a bounty and be released from all liability. Failure to respond by April 28 at 6AM EST will result in legal action. |
| April 29th, 2025 7:39:00 AM MDT | Loopscale Funds Returned | Loopscale announces that, following successful negotiations, all funds taken from the protocol on April 26th — totaling 5,726,725 USDC and 1,211 SOL — have been fully returned. Users will incur no loss of deposits as a result of the incident, with further details, including information on vault withdrawals, to be shared soon. |
| May 8th, 2025 8:01:00 AM MDT | Loopscale Re-Enables Withdrawals | Loopscale announces that vault withdrawals are now re-enabled following a thorough code review conducted by @sec3dev. Additionally, the team has published a detailed incident post-mortem outlining the identified vulnerability, the steps taken to resolve it, and their ongoing commitment to enhancing platform security. |
Technical Details
The exploit originated from incomplete validation in Loopscale's integration with the RateX program, specifically in how PT (principal token) prices were calculated. The vulnerability was introduced on March 27 during an upgrade to support RateX collateral markets. It allowed an attacker to spoof a RateX market using a malicious program that returned inflated PT exchange rates. This bypassed Loopscale's health checks for non-Loop borrows, because validations applied to other PT tokens were not consistently enforced. The attack targeted this specific integration flaw rather than a weakness in Loopscale's core economic model, order book, or vault mechanics, all of which remained intact and unaffected.
"The vulnerability was limited to loans backed by RateX principal tokens. No other vaults or advanced lending positions were affected. Existing safeguards, including market isolation, collateral segregation, and liquidity buffers, helped contain the impact."
Total Amount Lost
"The exploit impacted the USDC and SOL Genesis Vaults, leading to temporary losses of 5,726,724.97 USDC across 3,126 depositors and 1,211.4 SOL across 2,047 depositors."
The total amount lost has been estimated at $5,893,000 USD.
Immediate Reactions
"Following the exploit, Loopscale engaged SEAL 911 to coordinate incident response. Over the next 12 hours, we shared exploit details with Wormhole Network contributors, notified centralized exchanges and swapping services to restrict off-ramping or swapping, and escalated the case with law enforcement."
Ultimate Outcome
"To close the vulnerability, the exploited check was updated to enforce strict validation of RateX program IDs during loan health checks. All related instructions were reviewed to ensure reliability and integrity of program inputs."
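A simplified, off-chain Rust model of the missing check described under Technical Details and of the program-ID validation described above, added here as an illustration; it is not Loopscale's or RateX's code. The `Market` layout, the placeholder program IDs, the rate scale and the loan figures are assumptions constructed for the example.

```rust
// Simplified off-chain model of the check; all names and IDs are hypothetical
// placeholders, not Loopscale or RateX code.
type Pubkey = [u8; 32];
const EXPECTED_RATEX_PROGRAM: Pubkey = [0x11; 32]; // placeholder trusted program ID
const RATE_SCALE: u128 = 1_000_000; // fixed-point scale of the exchange rate

struct Market {
    owner: Pubkey, // program that owns, and alone can write, this account
    data: Vec<u8>, // first 8 bytes: little-endian PT exchange rate
}

#[derive(Debug, PartialEq)]
enum HealthError { UntrustedPriceSource, MalformedMarket, Undercollateralized }

fn read_rate(market: &Market) -> Result<u128, HealthError> {
    let mut raw = [0u8; 8];
    raw.copy_from_slice(market.data.get(..8).ok_or(HealthError::MalformedMarket)?);
    Ok(u64::from_le_bytes(raw) as u128)
}

// Before: prices the PT from whatever market account the caller supplies.
fn value_unchecked(market: &Market, pt_amount: u64) -> Result<u128, HealthError> {
    Ok(pt_amount as u128 * read_rate(market)? / RATE_SCALE)
}

// After: the caller-supplied program ID and the market's owner must both be
// the expected program before the rate is read.
fn value_checked(program: &Pubkey, market: &Market, pt_amount: u64) -> Result<u128, HealthError> {
    if *program != EXPECTED_RATEX_PROGRAM || market.owner != *program {
        return Err(HealthError::UntrustedPriceSource);
    }
    value_unchecked(market, pt_amount)
}

// A loan is healthy when debt / collateral <= max_ltv_bps / 10_000.
fn check_health(collateral: u128, debt: u64, max_ltv_bps: u16) -> Result<(), HealthError> {
    if debt as u128 * 10_000 > collateral * max_ltv_bps as u128 {
        return Err(HealthError::Undercollateralized);
    }
    Ok(())
}

fn main() {
    // Constructed samples: a genuine market and a look-alike owned by another program.
    let genuine = Market { owner: EXPECTED_RATEX_PROGRAM, data: 950_000u64.to_le_bytes().to_vec() };
    let lookalike = Market { owner: [0x22; 32], data: 500_000_000u64.to_le_bytes().to_vec() };
    println!("{:?}", value_checked(&EXPECTED_RATEX_PROGRAM, &genuine, 1_000).and_then(|v| check_health(v, 700, 8_000)));
    println!("{:?}", value_checked(&[0x22; 32], &lookalike, 1_000));
}
```

With the unchecked path, the look-alike market's rate makes an oversized debt pass `check_health`; with the checked path the same account is rejected before its data is read.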
Total Amount Recovered
"All funds were fully recovered through coordinated efforts with ecosystem partners. Loopscale is reimbursing a $29,000 discrepancy caused by the attacker swapping USDC at less favorable rates than those at which the funds were later reacquired. No user deposits incurred any loss."
The total amount recovered has been estimated at $5,892,000 USD.
Ongoing Developments
Loopscale is implementing a comprehensive set of technical and operational safeguards to enhance protocol security and prevent future exploits. Key measures include expanded audit coverage by Sec3, a forthcoming bug bounty program, and mandatory third-party audits for all new features. Operational monitoring is being formalized with weekly reviews of system activity, and stricter access controls now require multisig authorization for critical updates.
"While the team publicly offered a 10% bounty during negotiations, they remain suspiciously silent about whether the exploiter will receive compensation for returning the loot, even when Rekt News reached out, they’re keeping it under wraps for now."
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- Rekt - Loopscale - Rekt (Accessed May 8, 2025)
- Loopscale (Accessed May 8, 2025)
- Loopscale Documentation - Loopscale Docs (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)
- Ethereum Transaction Hash (Txhash) Details - Etherscan (Accessed May 8, 2025)
- Post-Mortem: PT Collateral Pricing Incident - Loopscale Blog (Accessed May 8, 2025)
- https://solscan.io/tx/5gUkHPyAoKu7i2TmrWaQT4RxjV3wvY4XnH3VuyUzGZQJMZGsDb4KrZSQJez6sqWspNB8xiCsmvrDkFDCj6oDMkEb (Accessed May 8, 2025)
- https://solscan.io/tx/4uG4fVWmxXuZXNxw2BLWfTFVFbU4aYoqJ6PTntcD2dvRG9wL8csJraZ1MXYK8HjLWp5Wc6k3bwSfgcK861KTigN7 (Accessed May 8, 2025)
- Solana Price History and Historical Data | CoinMarketCap (Accessed Jun 2, 2023)
- @LoopscaleLabs Twitter (Accessed May 8, 2025)