Loopscale Reopens Withdrawals: Here’s What You Need to Know

Twelve days after the emerging Solana DeFi application suffered a $5.8M exploit, Loopscale has successfully reopened vault withdrawals, giving users access to their deposited funds.

According to a post-mortem published by Loopscale earlier today, the exploit affected 3,126 $USDC depositors and 2,047 $SOL depositors. Following negotiations with the attacker, Loopscale has fully recovered all funds, ensuring users incurred no loss.

What security improvements has Loopscale implemented to safeguard the protocol, and how are loyal depositors being rewarded? 

Loopscale Reopens Withdrawals

At 10 AM EST, Loopscale reopened vault withdrawals, enabling depositors to reclaim their funds following one of Solana DeFi’s biggest protocol hacks in recent memory. To ensure protocol stability and security, Loopscale has imposed 24-hour withdrawal limits on a per-user, per-vault basis.

While this may sound concerning at first, withdrawal limits are unlikely to affect the bulk of Loopscale depositors. Stablecoin withdrawal limits are set at $500k per 24-hour period, while $SOL and $jitoSOL limits are capped at 2,500 $SOL and 500 $jitoSOL, respectively.

Despite users in Loopscale’s Discord server begging for vaults to reopen, liquidity outflows have been insubstantial. At press time, Loopscale TVL has remained steady at around ~$38M, a figure relatively unchanged since vault withdrawals reopened.

All Depositors Made Whole

Laying bare a full account of the attack, Loopscale’s post-mortem confirms that the hacker exploited an oracle pricing vulnerability to spoof an artificially inflated RateX PT exchange rate, enabling the hacker to take out undercollateralized loans. 

Loopscale has since assured users that the exploit was due to a technical flaw, not a failure of the protocol’s inherent economic model or architecture.

While the attacker initially agreed to return 90% of the exploited funds, Loopscale has, through undisclosed means, recovered the entirety of the stolen assets. 

Moving forward, Loopscale is introducing a wealth of new security improvements to better safeguard user funds. These include protocol-wide audits from Sec3, a bug bounty program, feature-specific auditing, improved operational monitoring, and multi-signature authorization checks on updates to market, vault, and oracle parameter updates.

With depositors made whole and withdrawals reopened, users have applauded Loopscale for their handling of the incident. 

Points Farmers Distressed Over Boosted Rewards

In a bid to encourage user retention and fresh deposits, Loopscale is boosting points emissions on affected vaults. Until June 7th, vault and advanced lending depositors with positions in Loopscale at the time of the hack will effectively receive double rewards.

Loopscale users have celebrated the additional rewards, however, others are fearful that the increased emissions will devalue Loopscale points long-term. While new depositors will not receive boosted points, existing users will have the multiplier applied to newly deposited funds.

Users now eagerly await the completion of further audits before deposits are re-enabled and full protocol functionality resumes.

Read More on SolanaFloor

BitcoinFi finds a home on Solana

$zBTC Supply Up 153% in 7D as Solana BitcoinFi Evolves

SolanaFloor Sits Down with Loopscale Co-Founder