SKN | Solv Protocol Hit by $2.7M Exploit, Offers Hacker 10% Bounty to Return Funds

Key Points

• Solv Protocol suffered a $2.7 million exploit affecting a token vault tied to its Bitcoin-based DeFi system.
• The platform offered the attacker a 10% bounty in exchange for returning the stolen funds.
• Security researchers say the breach likely stemmed from a smart contract vulnerability enabling excessive token minting.

Solv Protocol confirmed that one of its token vaults was exploited, resulting in the loss of roughly $2.7 million in assets.

The decentralized finance platform said the attack impacted fewer than ten users and involved the theft of approximately 38.05 SolvBTC, a token pegged to Bitcoin.

Solv stated that it will fully cover the losses suffered by affected users while continuing its investigation into the breach.

The protocol also said it had implemented additional safeguards to prevent similar attacks in the future.

Security Firms Investigating the Incident

The project has begun working with several blockchain security firms to analyze the exploit and strengthen its infrastructure.

Among the firms assisting the investigation are Hypernative Labs, SlowMist and CertiK.

Solv Protocol allows users to deposit Bitcoin and receive SolvBTC tokens, which can then be used in decentralized finance applications for lending, borrowing and staking across different blockchains.

According to the project, its ecosystem holds more than 24,000 Bitcoin valued at over $1.7 billion, making it one of the largest on-chain Bitcoin reserve platforms.

Researchers Point to Smart Contract Vulnerability

Security analysts say the attack likely exploited a weakness in one of the protocol’s smart contracts.

The vulnerability allegedly allowed the attacker to mint large amounts of a token linked to the platform before converting those tokens into SolvBTC.

Crypto security researcher Chris Dior, co-founder of CD Security, said the attacker executed the exploit 22 times before swapping the tokens for about 38 SolvBTC.

Another pseudonymous researcher known as Pyro described the incident as a re-entrancy attack — a common exploit in decentralized finance where a smart contract processes repeated calls before completing a transaction.

Platform Offers Hacker a Bounty

In an effort to recover the stolen assets, Solv Protocol publicly offered the attacker a 10% bounty in exchange for returning the funds.

The project published a wallet address on social media, inviting the hacker to negotiate by sending an on-chain message.

At the time of reporting, no communication had been received through the address on Etherscan.

The incident highlights ongoing security challenges within decentralized finance, where complex smart contracts and cross-chain integrations can introduce vulnerabilities despite extensive audits.