Solv Protocol did not have a good Thursday. The Bitcoin DeFi platform confirmed that attackers walked away with approximately $2.7 million after finding a hole in one of its smart contracts. For a protocol sitting on over $1.7 billion in Bitcoin reserves, $2.7M is a rounding error on paper. In practice, it is the kind of thing that keeps founders up at night.
The affected vault was the Bitcoin Reserve Offering vault, internally called BRO. Around 38.05 SolvBTC got drained out of it. SolvBTC is the platform’s Bitcoin-pegged token that users receive when they deposit BTC into the protocol.
How the Solv Protocol Attack Actually Unfolded
The team confirmed the breach publicly on X and moved fast to reassure users. All other vaults? Fine. The broader asset pool? Untouched. Fewer than 10 user accounts took a hit from this one. Solv Protocol also stated it will cover those losses in full, which at least shows some accountability.
On top of that, the team dropped an Ethereum wallet address on-chain and told the attacker they could keep 10% if they sent the rest back. So roughly $270,000 to walk away clean. Last check, the address was silent. No funds, no message, nothing moving on-chain.
Solv Protocol’s Bounty Offer Sits Unanswered
That silence is not exactly surprising. Most attackers who pull off a clean exit do not come back for 10%. But the move signals that Solv Protocol is at least following the standard post-exploit playbook rather than going completely dark.
A Double-Minting Bug Was at the Heart of It
Security firm Decurity flagged the root cause quickly through its automated monitoring tools. The vulnerability sat inside the BRO contract and allowed tokens to be minted far beyond their intended limit.
So what actually went down? The attacker spotted a flaw that let them manufacture 567 million BRO tokens out of just 135. They ran the same trick 22 times back to back, stacking up the inflated supply, then swapped the whole lot for around 38 SolvBTC before disappearing.
CD Security co-founder Chris Dior confirmed the repeated exploitation pattern. A researcher going by Pyro classified it as a reentrancy attack. Basically, the contract could be called again mid-transaction before it had a chance to update its own balances. So the attacker just kept looping it, pulling out a value each time the books were still open. It is a classic DeFi exploit, and honestly, one that good tooling should catch. The 2016 DAO hack ran the same playbook and nearly broke Ethereum in half. That was ten years ago, which makes it frustrating to still be writing these stories.
Solv Protocol Pulls in Three Security Firms
To its credit, Solv Protocol did not try to handle this quietly or alone. Hypernative Labs, SlowMist, and CertiK are all now involved in picking through what happened. Each of them has serious track records in post-breach forensics across DeFi, so if there is something to find in the contract logs, they will find it.
The team says the specific attack path has already been closed off. Probably smart not to share the technical details while the investigation is still running. What people actually want to see is the post-mortem. That document will tell us whether this was a known risk that slipped through review or something genuinely tricky to spot. Until it drops, the jury is out.
The SOLV Token Barely Moved
This part is genuinely surprising. SOLV was up about 2% on the day the exploit was confirmed. The wider crypto market was actually bleeding during that same window, so the token held up better than most. Either the market priced in the limited blast radius quickly, or a lot of SOLV holders simply did not panic.
Given that Solv Protocol controls well over $1.7 billion in Bitcoin reserves, the $2.7M loss represents a fraction of a percent of total holdings. That context probably helped keep things calm.
DeFi Has a Reentrancy Problem It Cannot Shake
Look, reentrancy bugs are not some mystery exploit that only elite hackers know about. Every Solidity developer learns about them. There are audit checklists specifically for catching them. And still, protocols keep shipping contracts with the same flaw baked in.
Part of it is speed. DeFi moves fast, new vaults get spun up, and security review sometimes gets squeezed to hit a launch date. Part of it is scope. Auditors only look at what they are asked to look at, and a new contract in a live ecosystem can interact with older code in ways nobody mapped out. The result? Gaps. And attackers are very patient about finding them.
When you are managing the kind of reserves Solv Protocol is managing, that mindset has to change. One audit before launch is not a security strategy. It is a starting point.
What is Solv Protocol?
A Bitcoin DeFi platform where you deposit BTC and receive SolvBTC tokens in return. Those tokens can be put to work through lending, staking, and borrowing products built on top of the platform. It reportedly holds more than 24,000 BTC in on-chain reserves.
How much was stolen and from where?
The attacker pulled out 38.05 SolvBTC, worth around $2.7 million at the time. It came from one specific vault called BRO. Everything else on the platform was left alone.
Are affected users going to be compensated?
Yes. Solv Protocol confirmed it will fully cover losses for all impacted users. Fewer than 10 accounts were affected.
What was the actual vulnerability?
A double-minting flaw inside the BRO smart contract, exploited repeatedly in what researchers are describing as a reentrancy attack. The attacker triggered it 22 times before converting the inflated tokens into real SolvBTC.
Get the news in a Jist. Follow Cryptojist on X and Telegram for real-time updates!
Disclaimer:
Look, we’re just journalists reporting the news here, not your financial advisors. Everything you read above is for information purposes only. Crypto is wild, unpredictable, and can absolutely wreck your savings if you’re not careful. Never invest money you can’t afford to lose. Seriously, we mean it. Do your own research, talk to actual licensed financial professionals, and remember that past performance means absolutely nothing when it comes to future results. The crypto market can turn on a dime, and what’s hot today might be toast tomorrow. We’re not responsible for your investment decisions, good or bad. Trade smart, stay safe, and don’t bet the farm on anything you read on the internet, including this article.
Bitcoin 
Tether 
BNB 