Solv Protocol lost about $2.7M in a vault exploit — and is offering a 10% bounty for a return
Bitcoin-focused DeFi project Solv Protocol disclosed on Thursday that one of its structured yield vaults was exploited, draining roughly 38.05 SolvBTC — about $2.7 million. The funds came from a Bitcoin Reserve Offerings (BRO) vault, part of Solv’s Staking Abstraction Layer used for yield generation and lending.
What happened
- The incident affected fewer than 10 users, Solv says. The team pledged to cover the 38.05 SolvBTC loss and is working with security partners to patch the vulnerability.
- Solv has publicly offered a 10% bounty if the attacker returns the funds to a designated address. As of publication, the exploiter has not indicated whether they will do so.
How the attacker reportedly abused the protocol
- Third-party analysts point to a double-minting flaw in the BitcoinReserveOffering contract. Security firm Decurity’s automated monitoring suggests the exploiter triggered the vulnerability 22 times, first inflating 135 BRO into roughly 567 million BRO tokens, then converting those tokens into SolvBTC.
- A pseudonymous researcher, Pyro, described the vector as a reentrancy-style attack — a pattern where repeated calls to a contract manipulate internal accounting before balances are updated.
Broader context
This exploit is the latest in a string of attacks on DeFi platforms. Earlier this week Curve Finance’s sDOLA LlamaLend markets were manipulated via an oracle/configuration vulnerability that yielded about $240,000 for the attacker. In early February, CrossCurve lost roughly $3 million after a smart-contract flaw allowed spoofed cross-chain messages to bypass gateway validation and unlock funds.
What’s next
Solv says it will produce a full post-mortem and is collaborating with security partners to fix the issue. The offer of a 10% bounty leaves a potential path for partial recovery, but the attacker’s intentions remain unclear.
Read more AI-generated news on: undefined/news
