- Trending
- Comments
- Latest
Solv Protocol, a Bitcoin yield vault platform, lost approximately $2.7 million on March 5, 2026, when an attacker exploited a double-mint vulnerability in one of its Bitcoin Reserve Offering (BRO) vaults.
The attacker minted 567 million BRO tokens from just 135 tokens by executing the exploit 22 times before converting them to SolvBTC.
The exploit drained 38.0474 SolvBTC, affecting fewer than 10 users, while other protocol vaults and user assets remained secure.
Solv Protocol, a DeFi platform designed to turn Bitcoin (BTC) into a yield-generating asset through structured vault products, confirmed the breach shortly after it was detected.
“A limited exploit occurred in one of our BRO vaults… the impacted amount is 38.0474 SolvBTC. All other vaults and user funds remain secure and unaffected.”
Solv Protocol team, statement on X (formerly Twitter).
The company also pledged to fully reimburse affected users, signaling that the losses will be covered from its treasury reserves.
Security researchers say the attacker exploited a double-mint vulnerability in the vault’s smart contract.
According to automated monitoring from blockchain security firms, the attacker executed the exploit 22 times, turning 135 BRO tokens into roughly 567 million BRO tokens through artificial inflation.
These newly minted tokens were then swapped for 38 SolvBTC, effectively draining funds from the vault.
The exploit was not a systemic collapse of the entire protocol but rather a targeted attack on a specific vault contract, which limited the scope of the damage.
Blockchain analytics firm Decurity flagged the abnormal minting activity during the attack.
“The attacker exploited a double-mint flaw in the BRO contract 22 times, converting a small token balance into hundreds of millions before swapping them for SolvBTC.”
Security analysis cited by industry reports.
This type of vulnerability is common in DeFi exploits, where flaws in token-minting logic allow attackers to artificially inflate supply and extract underlying assets.
The attack underscores the technical complexity of yield-bearing Bitcoin products and the importance of thorough smart-contract audits.
In response to the breach, Solv Protocol has offered a 10% “white-hat” bounty to the attacker in exchange for returning the stolen funds.
The strategy mirrors a growing trend in DeFi incident response, where protocols negotiate with hackers in hopes of recovering assets.
“We’re offering a 10% white-hat bounty and request the return of the funds,” — Solv Protocol, incident update.
If the attacker accepts the offer, the protocol could recover the majority of the stolen funds, reducing the net financial impact of the exploit.
The team is also working with several blockchain security firms, including Hypernative Labs, SlowMist, and CertiK, to investigate the breach and prevent further attacks.
The drained amount represents roughly 0.5% of Solv Protocol’s total value locked (TVL), estimated at more than $500 million, suggesting the platform’s core liquidity remains intact.
Market reactions have been relatively muted. Some trading data indicated a short-term dip in SolvBTC prices after the exploit, although the platform’s native token and overall ecosystem activity remained stable.
Still, the incident adds to a growing list of DeFi security breaches that continue to challenge investor confidence in decentralized financial infrastructure.
Smart-contract vulnerabilities remain one of the most persistent risks in crypto markets, where code errors can instantly lead to multi-million-dollar losses.
As investigations continue, the recovery of the stolen funds and the protocol’s ability to strengthen its security architecture will likely determine whether the incident becomes a minor setback or a longer-term reputational challenge for the platform.
Copyright © 2025 - The Bit Gazette.
