Loopscale got completely rekt for $5.7 million last weekend, and they responded by sliding into the hacker's DMs with a job offer.

The Solana DeFi protocol lost 12% of its total value locked (TVL) when someone discovered a way to manipulate its RateX PT token pricing mechanism.

Now they've managed to recover $2.8 million by essentially telling the attacker, "Keep 10%, we won't call the police."

The Exploit Details

Some galaxy-brain hacker figured out how to drain Loopscale's USDC and SOL vaults and make off with the funds like a bandit. 

The exploit walked away with $5.7 million in user funds on April 26th, targeting only the vault depositors.

Borrowers and "loopers" dodged the bullet, but about 7,000 lenders weren't so lucky.

Loopscale immediately applied the emergency brake, suspending withdrawals and lending until they could figure out the root cause of the issue.

The Negotiation Playbook

Loopscale went straight to on-chain messaging, sliding into the hacker's wallet with an offer they hoped wouldn't be refused.

"Keep 10%, return 90%, and we'll call it a white hat bounty instead of theft" – the DeFi equivalent of plea bargaining.

They added a 24-hour deadline, accompanied by the usual "or we'll call the FBI" threat, which is a typical response after a protocol is compromised.

The hacker responded before the clock ran out, sending back 5,000 WSOL ($740K) as a show of good faith.

The Recovery Continues

As of today, the hacker has returned 19,463 WSOL (about $2.88 million) to Loopscale's wallets.

That's roughly half of what was stolen, with negotiations still ongoing for the rest.

Loopscale is calling this "progress" in the most corporate way possible while users are still waiting to get their funds back.

The attacker is now being rebranded from "malicious exploiter" to "ethical hacker," given their so-far good-faith move and collaboration with the Loopscale team.

The New Normal

Loopscale isn't the first protocol to negotiate with hackers instead of issuing legal threats.

Term Finance just pulled the same move, and more protocols are realizing that a bird in hand is worth two in some anonymous wallet.

2025 is already breaking records for crypto exploits with $1.6 billion stolen in Q1 alone.

Price oracle manipulation is still the favored method for DeFi exploits – you'd think protocols would have figured this out by now.

A New Era For Hacking?

Loopscale promises a detailed post-mortem that will probably use the phrase "moving forward" at least 12 times.

The team is working to restore functionality while users are calculating exactly how much they lost in this "learning experience."

The bigger question is whether paying 10% bounties actually deters hackers or just sets the market rate for successful exploits.

Either way, DeFi users are getting another harsh reminder that your funds are only as safe as your protocol's least-audited smart contract.