Loopscale (formerly Bridgesplit): Oracle Price Manipulation (RateX PT Token Pricing)
Loopscale lost $5.8M just 16 days after launch when an attacker reverse-engineered the protocol's binary, deployed a fake price feed inflating RateX PT token values, and drained both USDC and SOL vaults through undercollateralized loans — recovering most funds via a rare successful whitehat bounty deal.
Summary #
Loopscale (formerly Bridgesplit) suffered a Lending / Yield Optimization on 2025-04-26, resulting in a loss of approximately $6M.
What happened #
Loopscale lost $5.8M just 16 days after launch when an attacker reverse-engineered the protocol's binary, deployed a fake price feed inflating RateX PT token values, and drained both USDC and SOL vaults through undercollateralized loans — recovering most funds via a rare successful whitehat bounty deal.
Linked factors #
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Yes — recently launched (16 days); new RateX PT pricing logic]
- RD-F-076 — related : Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 16 days (launched April 10; exploited April 26)]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — PT token reported price vs. RateX market price divergence detectable]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Original protocol (not a fork)]