Crypto security researchers say a bug let the attacker mint tokens, then swap them for a token tied to Bitcoin.
Solv Protocol, a Bitcoin-based DeFi platform, says a token vault was exploited for $2.7 million and has offered the attacker a 10% bounty to return the funds. The project said fewer than 10 users were affected and it will cover the loss of 38.05 Solv Protocol BTC (SolvBTC), a token pegged to Bitcoin.
Solv said it has implemented preventative measures and is investigating the incident with security firms Hypernative, SlowMist and CertiK. The protocol lets users deposit Bitcoin to receive SolvBTC, which can be used to lend, borrow or stake across other blockchains. Solv holds 24,226 BTC — worth over $1.7 billion — and says it is the largest on-chain Bitcoin reserve.
Solv has not publicly confirmed the exact exploit, but two crypto security researchers indicated the issue came from a vulnerability in a smart contract that allowed excessive minting of a protocol token. CD Security co-founder Chris Dior reported the attacker exploited the bug 22 times and swapped hundreds of millions of the minted tokens for just over 38 SolvBTC. Pseudonymous researcher “Pyro” characterized the flaw as a re-entrancy-style vulnerability, where unexpected inputs expose gaps in smart contracts — a common DeFi attack vector.
To encourage restitution, Solv posted an Ethereum wallet address and offered the attacker a 10% bounty, but Etherscan shows no on-chain message or return from the attacker so far.
Cointelegraph is committed to independent, transparent journalism. This article follows Cointelegraph’s Editorial Policy; readers are encouraged to verify information independently. Read the policy at https://cointelegraph.com/editorial-policy