What Happened in the Solv Vault Exploit?
Bitcoin-focused DeFi platform Solv Protocol said it will reimburse users after a vulnerability in one of its Bitcoin Reserve Offering (BRO) vault contracts allowed an attacker to extract about 38 SolvBTC. The stolen assets were worth roughly $2.7 million at the time of the incident and affected fewer than 10 users, according to the protocol.
In a post published Thursday on X, the Solv team described the incident as a “limited exploit” tied to a specific BRO vault rather than the broader protocol. The platform said it will cover the full loss of 38.0474 SolvBTC and compensate impacted users directly.
“All other vaults and user funds remain secure and unaffected. We’re actively investigating with top security partners and have taken steps to prevent any recurrences,” the team wrote in the update.
Investor Takeaway
How the Attacker Inflated BRO Tokens
Security firm Decurity identified the exploit through an automated monitoring bot. According to its findings, the attacker abused a double-minting bug inside a contract associated with the BitcoinReserveOffering vault.
The exploit was repeated 22 times. During those transactions, the attacker turned an initial balance of 135 BRO tokens into roughly 567 million BRO through repeated minting. The inflated tokens were then exchanged for about 38 SolvBTC, which were withdrawn from the vault.
Such double-mint vulnerabilities occur when contract logic allows token creation without properly validating supply limits or transaction state. Once triggered, the flaw can inflate token balances instantly, allowing attackers to convert the excess tokens into other assets held by the contract.
What Solv Protocol Does in the Bitcoin DeFi Ecosystem
Solv Protocol focuses on building yield and capital markets around Bitcoin. Its flagship asset, SolvBTC, is a wrapped BTC instrument designed to allow investors to earn returns while holding Bitcoin exposure.
The platform also operates structured yield vaults called Bitcoin Reserve Offerings, or BROs. These vaults pool capital and deploy strategies aimed at generating yield for BTC holders across decentralized finance markets.
According to data from DeFiLlama, more than $508 million is currently locked in SolvBTC-related products. The protocol describes itself as an onchain Bitcoin reserve and reports a treasury balance of more than 24,000 BTC.
Investor Takeaway
What Happens Next After the Exploit?
Solv said it is working with several blockchain security firms to analyze the incident and prevent similar vulnerabilities. The investigation involves Hypernative Labs, SlowMist, and CertiK.
The protocol is also offering the exploiter a white-hat bounty equal to 10% of the stolen funds if the assets are returned. Bounty offers are a common tactic in DeFi security incidents, where teams attempt to recover funds without prolonged disputes or legal escalation.
Solv’s broader ecosystem continues to attract institutional attention. In 2024, Beijing-based Zeta Network Group announced plans to raise $230 million through a private placement tied to a crypto treasury strategy involving BTC and SolvBTC.
The project’s investors include Binance Labs, Blockchain Capital, and OKX Ventures. With more than half a billion dollars tied to SolvBTC products, the protocol’s response to the exploit will likely be watched closely across the Bitcoin DeFi sector.
