Solv Protocol, a Bitcoin-based decentralized finance platform, has suffered a $2.7 million exploit. The attacker reportedly exploited a bug to mint tokens before swapping them for Bitcoin-pegged assets. The project has offered a 10% bounty for the return of the stolen funds and is covering the losses for the fewer than ten affected users.
Bitcoin-based decentralized finance platform Solv Protocol says one of its token vaults was exploited for $2.7 million. The project has offered the attacker a 10% bounty in exchange for returning the stolen funds.
Solv Protocol stated that fewer than ten users were impacted. It will cover the loss of 38.05 Solv Protocol BTC (SolvBTC), a token pegged to Bitcoin.
The project added that it had implemented measures to prevent the same attack from recurring. It is investigating the exploit with crypto security firms Hypernative Labs, SlowMist and CertiK.
Solv Protocol allows users to deposit Bitcoin for SolvBTC, which they can then use on other blockchains. The project holds over 24,000 Bitcoin, valued at more than $1.7 billion.
The project has not confirmed the exact method, but researchers identified a smart contract vulnerability. CD Security co-founder Chris Dior said the hacker exploited this 22 times before swapping for SolvBTC.
Pseudonymous crypto researcher “Pyro” described the exploit as a re-entrancy attack. This is a known method where unexpected inputs expose gaps in smart contracts.
Solv Protocol shared an Ethereum wallet address to encourage the hacker to accept the bounty. However, data shows the hacker has not yet sent an on-chain message to that address.
