Solv Protocol Offers 10% Bounty After $2.7M Exploit
What to Know
- $2.7 million was drained from a Solv Protocol vault in a smart contract exploit on Thursday
- 38.05 SolvBTC — a Bitcoin-pegged token — was stolen after the attacker minted tokens 22 times
- Solv offered the attacker a 10% bounty to return funds, but the hacker has not responded on-chain
- Security firms Hypernative, SlowMist, and CertiK are jointly investigating the incident
Solv Protocol, a Bitcoin-based decentralized finance platform, confirmed Thursday that one of its vaults was exploited for $2.7 million, with the project publicly offering the attacker a 10% bounty to return the stolen assets. Fewer than 10 users were directly impacted by the breach, which drained 38.05 Bitcoin-pegged tokens from the protocol.
How Did the Solv Protocol Exploit Happen?
The attacker leveraged a vulnerability in one of Solv Protocol's smart contracts that allowed unauthorized minting of excessive token amounts. According to CD Security co-founder Chris Dior, the attacker exploited the flaw 22 times in quick succession, generating hundreds of millions of tokens before swapping them for 38.05 SolvBTC — a token pegged to Bitcoin (BTC).
Pseudonymous crypto researcher "Pyro" described the mechanism as a re-entrancy attack, a class of exploit where unexpected inputs expose gaps in smart contract logic. Re-entrancy attacks have plagued DeFi protocols for years, making them one of the most well-documented yet recurring vulnerabilities in the ecosystem.
What Is SolvBTC and Why Does It Matter?
SolvBTC is the protocol's native Bitcoin-pegged token. Users deposit Bitcoin into Solv to receive SolvBTC, which they can then deploy across other blockchains to lend, borrow, or stake. The protocol currently holds 24,226 Bitcoin valued at over $1.7 billion, positioning itself as the largest on-chain Bitcoin reserve.
The $2.7 million loss represents a small fraction of the protocol's total holdings, yet the exploit highlights ongoing smart contract risks for Bitcoin-linked DeFi products. Solv said in an X post that it had introduced safeguards to prevent the same attack pattern from occurring again.
We have implemented measures to prevent recurrence and are actively investigating the exploit with our security partners.
— Solv Protocol, said in a statement
Bounty Offer and Hacker Response
Solv shared an Ethereum wallet address publicly in its X post, inviting the attacker to accept a 10% bounty — approximately $270,000 — in exchange for returning the remaining $2.43 million. Security firms Hypernative, SlowMist, and CertiK are all involved in the investigation alongside the Solv team.
As of Thursday, the hacker had not responded via any on-chain message to the disclosed Ethereum address, according to data from Etherscan. Whether the attacker will engage with the bounty offer remains to be seen, a pattern seen in several DeFi exploits where protocols attempt negotiated recovery before pursuing legal or law-enforcement channels.
Stay ahead of the market.
Crypto news and analysis delivered every morning. Free.
More from TheCryptoWorld
About the Author
Contributor
TheCryptoWorld Staff is a contributor at TheCryptoWorld.
View all contributors
Follow thecryptoworld.io on Google News to receive the latest news about blockchain, crypto, and web3.
Follow us on Google News
