Security researchers say a flaw in Solv Protocol’s contracts allowed an attacker to mint tokens and swap them for a Bitcoin-pegged token, draining roughly $2.7 million from the platform.
Solv, a DeFi protocol that issues SolvBTC — a token backed by deposited Bitcoin — reported that a token vault was exploited and about 38.05 SolvBTC was taken. The project said fewer than 10 users were affected and that it will cover the loss. Solv also offered the attacker a 10% bounty if funds are returned and has posted an Ethereum wallet address for restitution; blockchain trackers show no return or on-chain message from the attacker to date.
Solv said it has implemented preventative measures and is working with security firms Hypernative, SlowMist and CertiK to investigate the incident. The protocol allows users to deposit Bitcoin to receive SolvBTC, which can be used to lend, borrow or stake across different blockchains. Solv holds 24,226 BTC — valued at more than $1.7 billion — and describes itself as the largest on-chain Bitcoin reserve.
Solv has not released a full technical postmortem, but two independent researchers described the likely exploit. Chris Dior, co-founder of CD Security, reported that the attacker repeated the bug 22 times, minting hundreds of millions of protocol tokens and swapping them for just over 38 SolvBTC. A pseudonymous analyst known as “Pyro” characterized the issue as a re-entrancy-style vulnerability, where unexpected inputs allow repeated or nested calls that break intended contract logic — a frequent attack vector in DeFi.
Solv says it will pursue remediation and has taken immediate steps to harden the affected contracts while the investigation continues.