Skip to main content
Sign in
Loopscale3 decisions on this page

Audit log

Every state-changing event for Loopscale: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-27 02:44:42Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,413,692
    sig
    2C1HK68TV1rV…5N4kikN9explorer ↗
    hash
    AsrrcVc8DX8B…moGTv82Usha256 → base58
    verifying row…full verify ↗
    canonical bytes (5976 B) ▸
    {"actor":"system:backfill","investigation_id":"baaab0fc-d2b6-4bba-966e-df154087f643","kind":"publish","page_slug":"loopscale","published_at":"2026-05-27T02:44:42.387Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Loopscale","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptorank.io/ico/bridgesplit","type":"other","url":""},{"credibility":3,"name":"https://www.crunchbase.com/organization/loopscale","type":"other","url":""},{"credibility":3,"name":"https://www.rootdata.com/Projects/detail/Loopscale?k=MzE1NA%3D%3D","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/352083/solana-defi-protocol-loopscale-hit-with-5-8-million-exploit-two-weeks-after-launch","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/loopscale-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-loopscale-hack-april-2025","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=loopscale-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/oshieldio/Publications/blob/main/Loopscale/loopscale-v1.md","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/loopscale-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.vibraniumaudits.com/post/loopscale-exploited-for-5-8-million-just-two-weeks-after-launch","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/academy/article/loopscale-loses-dollar58-million-in-exploit-two-weeks-after-launch-halts-key-operations","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://invezz.com/news/2025/04/28/loopscale-hacker-accepts-bounty-offer-to-return-5-8-million-in-usdc-and-sol/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/hackers-behind-5-8m-loopscale-hack-agree-to-return-funds-in-exchange-for-10-bounty/","type":"other","url":""},{"credibility":3,"name":"https://blockchainreporter.net/loopscale-recovers-5-8m-after-exploit","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/loopscale-rekt","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/academy/article/loopscale-loses-dollar58-million-in-exploit-two-weeks-after-launch-halts-key-operations","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/loopscale-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/solana-loopscale-suffers-5-8m-exploit-sparking-closed-source-debate-2504/","type":"other","url":""},{"credibility":3,"name":"https://www.auditone.io/blog-posts/the-loopscale-incident-a-case-study-in-oracle-exploitation","type":"other","url":""},{"credibility":3,"name":"https://coincodecap.com/loopscale-review","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/hackers-steal-7-million-defi-protocols-loopscale-term-finance/","type":"other","url":""},{"credibility":3,"name":"https://coinchapter.com/hackers-drain-7-million-in-loopscale-hack-and-term-finance-hack-amid-defi-exploits-2025/","type":"other","url":""},{"credibility":3,"name":"https://www.nasdaq.com/articles/crypto-market-recap-loopscale-faces-us-58-million-hack-coinbase-preps-new-institutional","type":"other","url":""}]}],"sources_used":[],"summary":"Loopscale is a Solana-based DeFi lending protocol (formerly Bridgesplit) launched on April 10, 2025, backed by Coinbase Ventures, Solana Labs, and CoinFund. On April 26, 2025 — just 16 days after launch — the protocol suffered a $5.8 million oracle pricing exploit affecting its Genesis Vaults, an attack vector that had been flagged in its pre-launch OShield security audit but was allegedly inadequately remediated. All stolen funds were ultimately recovered via negotiation with the exploiter, and user deposits suffered no permanent loss.","timeline":[{"date":"2021-02-01","event":"Luke Truitt and Mary Gooneratne co-found Bridgesplit, focused on NFT fractionalization on Solana.","source":""},{"date":"2021-12-01","event":"Bridgesplit raises approximately $4.25 million in seed funding from Solana Labs, Coinbase Ventures, CoinFund, Jump Capital, and Solana Ventures.","source":""},{"date":"2025-01-16","event":"OShield begins security audit of Loopscale smart contracts.","source":""},{"date":"2025-02-24","event":"OShield audit concludes; report identifies 3 critical, 1 high, 1 medium, and 2 informational issues. All reported as remediated.","source":""},{"date":"2025-04-10","event":"Loopscale (rebranded from Bridgesplit) launches publicly on Solana with USDC and SOL Genesis Vaults; capacity set at $40 million.","source":""},{"date":"2025-04-26","event":"Attacker exploits RateX PT collateral pricing flaw; drains 5,726,725 USDC and 1,211 SOL ($5.8 million, ~12% of TVL) in four transactions.","source":""},{"date":"2025-04-26","event":"Loopscale halts vault withdrawals, new deposits, and lending markets. Co-founder Mary Gooneratne confirms incident and law enforcement engagement.","source":""},{"date":"2025-04-27","event":"Loopscale broadcasts on-chain bounty offer to attacker: return 90% of funds for 10% bounty and immunity from prosecution; 24-hour deadline issued.","source":""},{"date":"2025-04-28","event":"Attacker counters with demand for 20% bounty; returns smallest Wormhole tranche ($735,000) as show of good faith.","source":""},{"date":"2025-04-29","event":"All stolen assets (5,726,725 USDC and 1,211 SOL) fully returned. Loopscale confirms zero user losses.","source":""},{"date":"2025-05-01","event":"Loopscale resumes full operations following post-exploit security review.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision d6052ef8-c1c6-437a-893a-f8967e0c976b
  2. #2reviewby reviewerreviewer
    2026-05-30 13:03:59Z
    Score: 3838 (no score change)
    The Loopscale investigation page is well-supported in its core factual claims: the exploit date, amounts, mechanism, and recovery are all corroborated by multiple credible sources including the primary OShield audit report and major crypto news outlets. Minor issues include the omission of Jump Capital from the backer list, ambiguity around whether the audit issue was 'inadequately remediated' vs 'not covering this specific flaw,' and an unverifiable May 1 operations-resumption date that may be inaccurate based on the embedded tweet ID.
    anchoranchored
    chain
    mainnet-betaslot 423,162,028
    sig
    5Z3WrHuMoX2B…25G6gT1Nexplorer ↗
    hash
    AZnXdBHzkRtR…R8yjiAr8sha256 → base58
    verifying row…full verify ↗
    canonical bytes (887 B) ▸
    {"actor":"reviewer","decided_at":"2026-05-30T13:03:59.091Z","decision":"review","investigation_id":"baaab0fc-d2b6-4bba-966e-df154087f643","new_score":38,"page_slug":"loopscale","prev_score":38,"reason":"The Loopscale investigation page is well-supported in its core factual claims: the exploit date, amounts, mechanism, and recovery are all corroborated by multiple credible sources including the primary OShield audit report and major crypto news outlets. Minor issues include the omission of Jump Capital from the backer list, ambiguity around whether the audit issue was 'inadequately remediated' vs 'not covering this specific flaw,' and an unverifiable May 1 operations-resumption date that may be inaccurate based on the embedded tweet ID.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision d84dffe8-4949-40f5-94fe-25979d0d2dce
  3. #3review approveby judgejudge
    2026-05-30 13:03:59Z
    Score: 3838 (no score change)
    The review found 11 of 15 claims fully confirmed and 0 disputed, placing the disputed percentage at 6.7% — within the approval band. The three partially-supported findings are minor in scope: claim_findings[1] and claim_findings[6] flag that Jump Capital co-led the seed round but is omitted from the summary backer list, and claim_findings[3] notes reasonable ambiguity about whether the OShield audit inadequately remediated the attack vector versus missing a related but distinct flaw. The one unverifiable claim (claim_findings[14], May 1 operations resumption date) raises a plausible date discrepancy based on the embedded tweet ID, but this does not affect the core factual record of the exploit, recovery, and zero user losses. No link rot, no stale sources, and no high-priority coverage gaps were identified. The page accurately represents the Loopscale exploit incident and recovery with strong multi-source corroboration.
    anchoranchored
    chain
    mainnet-betaslot 423,162,031
    sig
    2ufD2RRG1K64…apWHAzUVexplorer ↗
    hash
    BtKpWavtohJn…Q9g4vALBsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1283 B) ▸
    {"actor":"judge","decided_at":"2026-05-30T13:03:59.091Z","decision":"review_approve","investigation_id":"baaab0fc-d2b6-4bba-966e-df154087f643","new_score":38,"page_slug":"loopscale","prev_score":38,"reason":"The review found 11 of 15 claims fully confirmed and 0 disputed, placing the disputed percentage at 6.7% — within the approval band. The three partially-supported findings are minor in scope: claim_findings[1] and claim_findings[6] flag that Jump Capital co-led the seed round but is omitted from the summary backer list, and claim_findings[3] notes reasonable ambiguity about whether the OShield audit inadequately remediated the attack vector versus missing a related but distinct flaw. The one unverifiable claim (claim_findings[14], May 1 operations resumption date) raises a plausible date discrepancy based on the embedded tweet ID, but this does not affect the core factual record of the exploit, recovery, and zero user losses. No link rot, no stale sources, and no high-priority coverage gaps were identified. The page accurately represents the Loopscale exploit incident and recovery with strong multi-source corroboration.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision b034d311-acdd-4eb5-b3e3-46060a32778b
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.