- Solv Protocol lost $2.7M after a smart contract flaw allowed attackers to mint excess tokens and swap them for 38 SolvBTC.
- The platform offered the hacker a 10% bounty and promised to fully reimburse fewer than 10 affected users.
- The exploit adds to rising DeFi security incidents following recent attacks on Curve Finance and CrossCurve protocols.
A sudden exploit has hit Bitcoin-based DeFi platform Solv Protocol, exposing a vulnerability that drained about $2.7 million from one token vault. The platform quickly confirmed the breach on X and revealed that fewer than ten users lost funds during the incident.
The attack targeted a vault linked to SolvBTC, a token pegged to Bitcoin and used across several decentralized finance services. As a result, the Solv team said it will fully reimburse users for the stolen 38.05 SolvBTC. Moreover, the platform offered the attacker a 10% white-hat bounty if the funds are returned quickly.
Besides offering the bounty, the team acted fast to contain the issue and prevent further damage. The protocol also tried to calm user concerns, saying, “Your funds are safe—thank you for your trust as we strengthen the protocol.” Additionally, Solv confirmed that the rest of its vaults and user funds remain safe and unaffected.
The platform currently holds more than 24,226 Bitcoin, valued at over $1.7 billion. However, the incident has raised fresh concerns about security risks within the growing Bitcoin-based DeFi ecosystem.
Smart Contract Flaw Enabled Token Minting
Security researchers soon identified the technical weakness behind the breach. Experts from Hypernative, SlowMist, and CertiK joined Solv’s investigation immediately after detection.
According to Chris Dior, co-founder of CD Security, the attacker exploited a smart contract vulnerability multiple times. The attacker triggered the flaw 22 times and minted excessive tokens within the protocol’s system. Consequently, the hacker swapped hundreds of millions of those tokens for slightly above 38 SolvBTC.
Another researcher known as Pyro described the incident as a re-entrancy attack. This method manipulates smart contract logic through repeated calls before transaction completion. Moreover, this exploit technique has affected many decentralized finance platforms over the years. Solv has not yet released a complete technical breakdown of the vulnerability.
However, the platform shared an Ethereum wallet address and invited the attacker to negotiate through on-chain communication. Data from Etherscan shows that the hacker has not responded yet.
Rising Pattern of DeFi Exploits
This exploit adds to a growing list of recent decentralized finance security incidents. Earlier this week, markets tied to Curve Finance faced a separate vulnerability affecting its sDOLA LlamaLend pools. Attackers manipulated the oracle pricing system and reportedly captured about $240,000 using flash loans.
Additionally, cross-chain liquidity protocol CrossCurve suffered another major exploit in early February. Hackers bypassed gateway validation through spoofed cross-chain messages and unlocked funds from the PortalV2 contract. Consequently, attackers drained nearly $3 million from the system.
