Decentralized finance (DeFi) protocol Loopscale has confirmed that negotiations are underway with the hacker responsible for last week’s $5.8 million exploit, with both parties working toward a settlement that would see the stolen assets returned in exchange for a bounty.
Hack Followed by Immediate Response
The Solana-based platform disclosed the developments following a series of public on-chain communications. The security breach took place on April 26, when an unidentified attacker exploited a vulnerability in Loopscale’s pricing mechanism, withdrawing approximately 5.7 million USDC and 1,200 SOL tokens from two of its yield vaults. In response, the protocol suspended vault withdrawals and temporarily halted its lending markets, containing the situation while assessing the extent of the damage.
Loopscale swiftly opened a channel of communication with the attacker, offering a bounty for the safe return of the stolen assets. To expedite the resolution, Loopscale provided the hacker with a deadline of 6 AM EST on April 28 to respond to their proposal. The offer included a 10% bounty payment and legal immunity in exchange for the return of the remaining assets.
Settlement Structure and Legal Immunity Offer
The settlement tactic appears to have been effective, as the exploiter responded via a message on Etherscan, stating,
“We are agreeable to collaborating with you to reach a white hat agreement. However, we would like to negotiate the bounty percentage; our expectation is 20%.”
As a sign of good faith, the hacker returned 5,000 wrapped Solana (wSOL) tokens shortly after sending the message, indicating a willingness to cooperate.
Loopscale acknowledged the hacker’s acceptance of the terms in principle, revealing that the attacker had committed to returning the majority of the stolen funds in exchange for the agreed bounty. While the finer details of the arrangement, particularly the bounty percentage, remain under discussion, both parties are actively negotiating via public messages on-chain.
Protocol Assures Future Updates and Post-Mortem
Loopscale assured users that regular updates would follow as negotiations advance and promised a detailed report outlining the incident's cause and the corrective measures being adopted. The firm confirmed that the exploit was an isolated incident involving manipulation of its RateX PT token pricing mechanism and did not compromise the broader RateX collateral system.
Vault withdrawals remain suspended pending the conclusion of the negotiations and the recovery of funds. The company emphasized its commitment to reinforcing security standards to prevent similar incidents moving forward.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
