Loopscale Offers Hacker Behind $5.7M USDC and SOL Exploit a Deal: Return 90% and Keep 10%

Loopscale, a decentralized borrowing and lending platform, has offered a hacker who exploited its protocol to steal $5.7 million in USDC and 1,200 SOL a deal.

According to a Thursday morning post, Loopscale is giving the hacker immunity from liability in exchange for returning 90% of the stolen funds and keeping 10% as a bounty. The platform also threatens legal action if the hacker does not comply by April 28 at 6 a.m. EST.

"We are offering an exit strategy for the attacker to return 90% of the stolen funds and keep 10% as a bounty reward, in addition to being released from any and all liability regarding the attack," Loopscale said in a message to the hacker. "This offer of bounty and immunity will expire on April 28 at 6:00 a.m. EST, at which point we will be forced to pursue full recovery of funds and legal action against the attacker."

The latest message from the borrowing and lending platform comes less than 24 hours after it first revealed the exploit and began monitoring and freezing stolen funds with law enforcement and exchanges.

In a previous post on X, Loopscale said the exploit impacted “roughly” 12% of funds on the platform and only affected “depositors to the Loopscale USDC and SOL vaults.”

A later update saw the platform re-enable loan repayments, top-ups and loop closing, while other app functions were still temporarily “restricted.” The same update also shared the findings of an initial probe into the incident.

"The root cause of the exploit has been identified as an isolated issue with Loopsoperability's pricing of RateX-based collateral. There is no issue with RateX itself related to this. Loss of funds explicitly affects depositors to SOL and USDC Genesis vaults," Loopscale explained in the update.