Solv Protocol Hack Analysis
Solv Protocol (SOLV) is a Bitcoin DeFi platform that allows users to stake BTC or liquid staking tokens (LSTs) in exchange for SolvBTC. Its Bitcoin Reserve Offering (BRO) enables institutions to mint SOLV using BTC reserves while generating yield through DeFi strategies. On March 3, 2026, the protocol’s BRO vaults experienced an exploit, resulting in a loss of 38.0474 SolvBTC (~$2.7M). The root cause was a smart contract vulnerability that resembles a re-entrancy attack.
Overview
Attacker’s contract: 0x6aA78a9B245Cc56377b21401B517EC8c03a40F03
Attacker’s wallet: 0xb32D389901f963E7C87168724fBDCC3A9DB20dc9
Vulnerable contract: BitcoinReserveOffering
Attack transaction: 0x44e637c7d85190d376a52d89ca75f2d208089bb02b7c4708ad2aaae3a97a958d
Analysis
From an initial review of the transaction, the attacker executed a 22-iteration loop to mint and burn tokens, with the amount of BRO tokens doubling each time (what an interesting strategy!).
In each cycle, the attacker performed the following steps:
1. Burned BRO to receive a GOEFS NFT (a vault share NFT used to represent ownership and enable functions such as voting).
2. Burned the NFT to redeem the BRO tokens back.
A deeper inspection reveals an interesting issue in the mint() function: it mints BRO tokens twice for a single burned NFT. This effectively means that an attacker could acquire an NFT and redeem it to receive double the amount of BRO, creating an immediate profit opportunity.
After double-checking the verified source code of BitcoinReserveOffering, we can confirm that the contract contains a double-mint vulnerability. This flaw is the root cause of the exploit.
P.S.: This is not a re-entrancy bug, since the control flow remains entirely within the contract and no external calls are involved. The vulnerability stems from flawed internal logic rather than re-entrant execution.
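The burn/redeem round trip described above, as a toy Python model with the conservation invariant a mint/burn test suite would assert. This is an added example, not the BitcoinReserveOffering source: the class, method names and 1:1 BRO-to-NFT value are assumptions, and the double credit is modeled as two plain credits inside `mint()`.

```python
class ToyVault:
    """Constructed model: BRO balances plus share NFTs that record burned BRO."""

    def __init__(self, double_mint: bool):
        self.double_mint = double_mint   # True reproduces the flaw described above
        self.balances = {}               # holder -> BRO
        self.nfts = {}                   # nft id -> (owner, BRO value)
        self.next_id = 1

    def _credit(self, holder, amount):
        self.balances[holder] = self.balances.get(holder, 0) + amount

    def burn_for_nft(self, holder, amount):
        if amount <= 0 or self.balances.get(holder, 0) < amount:
            raise ValueError("insufficient BRO")
        self.balances[holder] -= amount
        nft_id, self.next_id = self.next_id, self.next_id + 1
        self.nfts[nft_id] = (holder, amount)
        return nft_id

    def mint(self, holder, nft_id):
        owner, value = self.nfts[nft_id]
        if owner != holder:
            raise PermissionError("not the NFT owner")
        del self.nfts[nft_id]            # the NFT is burned exactly once
        self._credit(holder, value)
        if self.double_mint:
            self._credit(holder, value)  # second credit for the same NFT
        return value

    def backed_total(self):
        """BRO in circulation plus BRO value still held in NFTs."""
        return sum(self.balances.values()) + sum(v for _, v in self.nfts.values())


def first_violation(vault, holder, start, cycles):
    """Run burn -> mint round trips; return the first cycle where the total changes."""
    vault._credit(holder, start)
    expected = vault.backed_total()
    for cycle in range(1, cycles + 1):
        nft = vault.burn_for_nft(holder, vault.balances[holder])
        vault.mint(holder, nft)
        if vault.backed_total() != expected:
            return cycle
    return None
```

The invariant breaks on the first round trip, so a single-cycle property test is enough to catch this class of bug; the 22 iterations in the transaction only compound the same one-step error.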
In the end, the attacker accumulated approximately 567M BRO tokens. He then exchanged only 165M BRO for 38 SolvBTC, and subsequently used Uniswap to swap the SolvBTC for 1,211 WETH, which was ultimately converted to ETH and transferred back to his EOA wallet.
Summary
In this exploit, the attacker took advantage of a flaw in the contract logic to repeatedly manipulate the mint and redemption process and extract funds from the system. To reduce the risk of similar incidents, DeFi protocols should adopt strong security practices throughout development. This includes conducting comprehensive smart contract audits by reputable security firms, implementing thorough testing (especially for mint, burn, and accounting logic), and adding safeguards such as monitoring and emergency controls. Regular security reviews and audits are particularly important for complex financial contracts, as they can help detect subtle logic flaws before deployment.





