Solv Protocol Bitcoin Reserve Hacked, $2.7 Million SolvBTC Stolen


Solv Protocol, a DeFi platform centered around Bitcoin, announced on Thursday that its Bitcoin Reserve Offering (BRO) token vault was targeted in a focused attack, resulting in a loss of 38.0474 SolvBTC, worth approximately $2.7 million at the market price at the time, affecting fewer than 10 users.

Attack Mechanism: Technical Logic of the Double Minting Vulnerability

The core flaw in this attack was that the “BitcoinReserveOffering” smart contract failed to prevent repeated execution of its minting function. The attacker triggered the double minting logic 22 times, inflating an initial 135 BRO tokens to 567 million BRO (about 4.2 million times the initial amount), then exchanged the artificially inflated BRO for about 38 SolvBTC to exit. The entire attack relied on the contract’s lack of verification against repeated execution, a class of flaw that smart contract security audits treat as high-risk.
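The reported figures are consistent with holdings doubling on each trigger: 135 × 2^22 is roughly 566 million, about 4.2 million times the starting amount. The following toy model is an added example, not Solv's contract code; it assumes each trigger executes one mint request twice, and the `Vault`, `open_request` and `execute_mint` names are hypothetical. It shows the replay guard that stops the inflation and a supply-versus-backing invariant that detects it.

```python
# Toy model, constructed for illustration; not the BitcoinReserveOffering code.
class ReplayError(Exception):
    pass

class Vault:
    def __init__(self, replay_guard):
        self.replay_guard = replay_guard
        self.balance = 0       # BRO held by a single holder, for brevity
        self.backing = 0       # collateral units actually deposited
        self.requests = {}     # request id -> amount to mint
        self.executed = set()  # request ids that have already been minted

    def open_request(self, amount, fresh_collateral):
        if fresh_collateral:
            self.backing += amount   # new deposit backs the mint
        else:
            self.balance -= amount   # rolling: existing BRO is burned first
        rid = len(self.requests)
        self.requests[rid] = amount
        return rid

    def execute_mint(self, rid):
        # Hardened path: each request may be minted exactly once.
        if self.replay_guard:
            if rid in self.executed:
                raise ReplayError(f"request {rid} already minted")
            self.executed.add(rid)
        self.balance += self.requests[rid]

    def solvent(self):
        # Monitoring invariant: circulating BRO must not exceed backing.
        return self.balance <= self.backing

def run(replay_guard, rounds=22, initial=135):
    v = Vault(replay_guard)
    v.execute_mint(v.open_request(initial, fresh_collateral=True))
    rejected = 0
    for _ in range(rounds):
        rid = v.open_request(v.balance, fresh_collateral=False)
        for _ in range(2):           # assumed flaw: same request runs twice
            try:
                v.execute_mint(rid)
            except ReplayError:
                rejected += 1
    return v.balance, v.solvent(), rejected

if __name__ == "__main__":
    print("unguarded:", run(False))
    print("guarded:  ", run(True))
```

Without the guard the invariant fails after the first round, which is the point at which an on-chain or off-chain monitor comparing minted supply to backing could pause the vault.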

Solv Protocol stated on X: “All other vaults and user funds remain secure and unaffected. We are actively investigating with top security partners and have taken measures to prevent similar incidents from happening again.”

Loss Response: Compensation Promise, Security Review, and White Hat Bounty

Solv’s response to this attack includes three aspects:

Full Compensation Commitment: Solv has stated it will cover the entire loss of 38.0474 SolvBTC, ensuring that fewer than 10 affected users receive full compensation and are not harmed by platform vulnerabilities.

Joint Security Investigation: Solv is collaborating with renowned blockchain security firms such as Hypernative Labs, SlowMist, and CertiK, and has deployed measures to prevent the same vulnerability from being exploited again.

White Hat Bounty Proposal: Solv proactively offered the attacker a 10% white hat bounty in exchange for returning the remaining funds, a common negotiation mechanism in DeFi security incidents.

Background and Organizational Layout of Solv Protocol

At the time of the attack, Solv Protocol claimed to be the world’s largest on-chain Bitcoin reserve vault, with an official website showing a current Bitcoin holding of 24,226 BTC. According to DefiLlama data, the total value locked in SolvBTC exceeds $508 million, far surpassing the $2.7 million stolen. Solv emphasized that this was a “limited attack” and did not cause systemic issues to the overall protocol.

Investors in Solv include Blockchain Capital, among others. Last year, Beijing Zeda Network Group (NASDAQ: ZNB) announced plans to raise $230 million through private placement to build a crypto treasury including BTC and SolvBTC, indicating increasing institutional interest in Solv’s assets.

Frequently Asked Questions

What is SolvBTC, and how does it work?

SolvBTC is Solv Protocol’s flagship wrapped Bitcoin asset, allowing retail and institutional investors to earn yields while holding Bitcoin. Users can deposit Bitcoin into Solv’s on-chain reserve vault in exchange for SolvBTC tokens, which represent their share in the underlying Bitcoin asset pool and can be further used within the DeFi ecosystem.

How was the double minting vulnerability exploited in this attack?

The attacker triggered the “BitcoinReserveOffering” smart contract’s double minting logic 22 times, bypassing normal quantity verification logic and inflating the initial 135 BRO tokens to over 567 million, then exchanged the inflated BRO for approximately 38 SolvBTC to cash out. The entire process exploited the contract’s failure to properly prevent repeated execution.

Were other user funds on Solv Protocol affected?

According to Solv Protocol’s official statement, the attack was limited to the BRO token vault, affecting fewer than 10 users. All other vaults and user funds remain unaffected. Solv has committed to full compensation for affected users and is conducting joint security investigations with Hypernative Labs, SlowMist, and CertiK.
