On March 5, 2026, the DeFi protocol Solv Protocol suffered a smart-contract exploit that resulted in the loss of approximately 38.0474 SolvBTC (around $2.73 million) from one of its Bitcoin Reserve Offering (BRO) vaults. The attack targeted the protocol’s BitcoinReserveOffering contract and exploited a flaw in its minting logic that allowed tokens to be minted twice within the same transaction.
The vulnerability was linked to the protocol’s implementation of the semi-fungible token standard ERC-3525, which inherits transfer behavior from ERC-721 NFTs. When an ERC-721 token is transferred, a callback function called onERC721Received is triggered in the receiving contract. In the vulnerable contract, this callback executed before the system finalized its internal accounting state. As a result, the contract minted BRO tokens during the callback and then minted them again once execution returned to the original mint function.
By exploiting this sequence, the attacker was able to perform a double-mint from a single deposit. Because the entire process occurred within one transaction, the vault’s exchange rate was not updated between operations. The attacker repeatedly executed this loop, turning 135 BRO tokens into roughly 567 million BRO tokens across 22 cycles.
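The callback ordering described above, as a simplified Python model added here for illustration; it is not Solv Protocol's contract code, and the class names, the fixed rate of 1 and the in-progress guard in HardenedVault are assumptions. It shows one deposit being credited twice, beside a variant that credits once and checks that share supply stays backed by recorded deposits.

```python
# Simplified model, constructed for illustration; not Solv Protocol's contract code.
class Token:
    """ERC-721-style token: a safe transfer notifies the receiver before returning."""
    def safe_transfer(self, sender, receiver, value):
        receiver.on_received(sender, value)   # callback runs inside the transfer

class VulnerableVault:
    RATE = 1                                  # shares per unit; unchanged within one transaction

    def __init__(self, token):
        self.token, self.shares, self.deposited = token, {}, 0

    def _credit(self, account, value):
        self.shares[account] = self.shares.get(account, 0) + value * self.RATE

    def on_received(self, sender, value):
        self._credit(sender, value)           # first mint: inside the callback

    def mint(self, account, value):
        self.token.safe_transfer(account, self, value)
        self.deposited += value
        self._credit(account, value)          # second mint for the same deposit

class HardenedVault(VulnerableVault):
    def __init__(self, token):
        super().__init__(token)
        self._pulling = False                 # True while mint() is pulling the deposit

    def on_received(self, sender, value):
        if self._pulling:
            return                            # accept only; mint() does the single credit
        self.deposited += value               # direct transfer: record and credit once
        self._credit(sender, value)

    def mint(self, account, value):
        self._pulling = True
        try:
            self.token.safe_transfer(account, self, value)
        finally:
            self._pulling = False
        self.deposited += value
        self._credit(account, value)
        if not fully_backed(self):            # post-condition checked on every mint
            raise RuntimeError("share supply exceeds recorded deposits")

def fully_backed(vault):
    """Invariant: total shares equal recorded deposits times the rate."""
    return sum(vault.shares.values()) == vault.deposited * vault.RATE

def shares_after_deposit(vault_cls, value=100):
    vault = vault_cls(Token())
    vault.mint("alice", value)
    return vault.shares["alice"], fully_backed(vault)
```

The same invariant, asserted after every state-changing call in a test suite or monitored on-chain, flags the broken accounting on the first mint rather than after supply has been inflated.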
After inflating the token supply, the attacker began converting the tokens into liquid assets. A portion of the minted BRO tokens was swapped for SolvBTC and then routed through liquidity pools on Uniswap to convert the assets into ETH. In total, the attacker extracted approximately 1,211 ETH, equivalent to about $2.73 million.
Following the extraction, the attacker attempted to move the funds through the privacy protocol Railgun. However, Railgun’s compliance and transaction-monitoring mechanisms flagged the deposit as suspicious and returned the funds to the sender. The attacker subsequently redirected the assets through Tornado Cash, a mixing service that allows users to obscure transaction history.
Investigations also revealed that the exploited contract had not undergone a security audit prior to deployment. While Solv Protocol lists several auditing firms for other parts of its infrastructure, the BitcoinReserveOffering contract was not included in those reviews. The protocol’s bug bounty program similarly did not cover the affected contract, leaving a critical component outside formal security oversight.





