The hacker behind crypto lender Loopscale’s $5.7 million heist has agreed to return the stolen funds for a 10% bounty. This resolution highlights a growing trend of negotiating with hackers to recover losses in the volatile world of decentralized finance.
Hacker Returns 90%, Keeps 10%
On April 26, 2025, Loopscale, a Solana-based lending platform that launched just two weeks earlier, suffered a major security breach. A hacker exploited a flaw in the platform’s collateral pricing system, draining 5.7 million USDC and 1,200 SOL, roughly 12% of Loopscale’s total value. The attack targeted the platform’s USDC and SOL vaults, forcing Loopscale to halt lending markets and freeze vault withdrawals to prevent further losses.
Co-founder Mary Gooneratne announced the team’s immediate investigation, working with security experts to trace the funds. Loopscale offered the hacker a whitehat agreement, promising a 10% bounty of about $570,000 and no legal action if the funds were returned by April 28. Initially, the hacker demanded a higher bounty but returned 5,000 SOL (worth $750,000) as a gesture.
Loopscale confirmed today that the hacker has kept the agreement to return the remaining funds for the 10% bounty, with negotiations ongoing to finalize the transfer. The platform is preparing a detailed post-mortem to address the pricing vulnerability and enhance security.
A Growing Trend
This case reflects a growing strategy in crypto bounty offerings to recover stolen funds. As hacks surge, with $1.6 billion lost in Q1 2025 alone, bounties are becoming a practical tool. They tend to incentivize hackers to return funds without lengthy legal battles, benefiting platforms and users. Loopscale’s approach mirrors recent incidents, like the $572,000 SIR. trading theft and the $7 million KiloEx hack, where platforms negotiated similar deals.
The recent $5 million exploit involving ZKSync has resulted in a partial recovery of funds through the implementation of bounties. While this approach is subject to debate, it highlights a significant trend within the crypto industry towards more pragmatic solutions in response to increasing security challenges. The case of Loopscale may establish a notable precedent, encouraging platforms to prioritize recovery efforts rather than engage in confrontation.
As Loopscale works to restore operations, the crypto community awaits its full report. With vault withdrawals still frozen, the successful return of funds could rebuild trust and highlight bounties as a viable response to the persistent threat of DeFi exploits.