Solv Protocol offers 10% bounty after $2.7M vault exploit

Crypto security researchers say the hacker exploited a bug allowing them to mint tokens, before swapping the freely-gained tokens for another tied to Bitcoin.

Bitcoin-based decentralized finance platform Solv Protocol says one of its token vaults was exploited for $2.7 million and has offered the attacker a 10% bounty in exchange for returning the stolen funds.

Solv said in an X post on Thursday that fewer than 10 of its users were impacted, but it would cover the loss of 38.05 Solv Protocol BTC (SolvBTC), a token pegged to Bitcoin.

The project added that it had implemented measures to prevent the same attack from recurring and was investigating the exploit with crypto security firms Hypernative, SlowMist and CertiK.

Solv allows users to deposit Bitcoin for Solv Protocol BTC, which they can then use to lend, borrow or stake on other blockchains. The project has 24,226 Bitcoin worth over $1.7 billion and claims it is the largest on-chain Bitcoin reserve.

Solv hasn’t confirmed how the exploit occurred, but two crypto security researchers said it stemmed from a vulnerability in one of Solv’s smart contracts that allowed the attacker to mint excessive amounts of a token used on the protocol.

The attacker exploited the vulnerability 22 times before swapping hundreds of millions of the tokens for just over 38 SolvBTC, according to CD Security co-founder Chris Dior.

Pseudonymous crypto researcher “Pyro” described the exploit as a re-entrancy attack, where unexpected inputs expose gaps in smart contracts, a popular attack that has plagued multiple DeFi protocols for years.

Solv shared an Ethereum wallet address in its X post to encourage the hacker into accepting a 10% bounty.

However, the hacker has not yet sent an on-chain message to the address, according to Ethereum block explorer Etherscan.