Solv Protocol Drained of $2.7M in Bitcoin Vault Exploit on March 5
Solv Protocol confirmed a security breach on March 5, 2026, resulting in the loss of 38.0474 SolvBTC (~$2.7 million) from a specific yield vault, though the protocol has pledged to fully compensate the fewer than 10 users affected.
- The attacker exploited a double-minting flaw 22 times on March 5, 2026, to drain 38.0474 SolvBTC.
- Solv Protocol confirmed fewer than 10 users were impacted and committed to 100% compensation.
- Despite the $2.7M loss, Solv Protocol retains over 24,000 BTC in reserves as of March 06, 2026.
What Happened
As of March 06, 2026, Bitcoin is trading at $70,169 (-3.56% 24h). Against this market backdrop, Solv Protocol confirmed a security incident involving its Bitcoin Reserve Offering (BRO) contract. On March 5, 2026, an attacker exploited a vulnerability to drain 38.0474 SolvBTC, valued at approximately $2.7 million at the time of the breach.
According to security firm Decurity, the root cause was a "double-minting" vulnerability within the mint() function of the contract. The attacker executed the exploit 22 times, inflating the supply of BRO tokens before swapping them for SolvBTC. Solv Protocol has since paused the affected contract and is collaborating with security partners Hypernative Labs, SlowMist, and CertiK to investigate the incident.
Background
Solv Protocol operates as a decentralized Bitcoin reserve, allowing users to stake assets to earn yield. As of March 06, 2026, the protocol holds a total balance of 24,226 BTC, making it one of the largest on-chain Bitcoin reserves. The specific vault targeted, the Bitcoin Reserve Offering (BRO), represents a fraction of the protocol's Total Value Locked (TVL), which stands at $508 million for SolvBTC.
The exploit is categorized as a logic flaw rather than a private key compromise. The protocol has offered a 10% white-hat bounty to the exploiter for the return of the remaining 90% of the stolen funds.
The Bull Case
Despite the breach, market reaction has been relatively muted. The Solv Protocol Team emphasized in their official statement on March 5, 2026, that the exploit was "limited" to a single vault and that "all other user funds remain secure and unaffected." They further committed to fully covering the losses for the fewer than 10 users impacted.
Furthermore, market analysis by BeInCrypto on March 6, 2026, noted that the native SOLV token remained resilient, trading at $0.004 (+3.5% 24h) immediately following the news. This price action suggests that the market views the protocol's "make-whole" policy and transparency as sufficient to mitigate long-term reputational damage.
The Bear Case
Security experts remain critical of the oversight that allowed such a repetitive attack. Chris Dior, co-founder of CD Security, highlighted on March 6, 2026, that the attacker was able to exploit the vulnerability 22 separate times without triggering an automated pause. Dior noted that the attacker successfully "inflated 135 BRO tokens into 567 million" before the protocol intervened, pointing to a failure in real-time monitoring systems.
Pseudonymous researcher Pyro added that the incident resembles a re-entrancy attack pattern, suggesting that "common DeFi vulnerabilities continue to plague even high-profile Bitcoin-centric platforms," raising concerns about the audit quality of specific vault strategies deployed by the protocol.
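The monitoring gap raised above (22 repeated exploit calls with no automated pause) is the case a mint-rate circuit breaker is meant to catch. The sketch below is an added example, not code from Solv Protocol or any firm named in this article; the event fields, thresholds, addresses and sample stream are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class MintEvent:
    timestamp: int  # block time in seconds
    minter: str     # address credited with the minted tokens
    amount: int     # token units minted

class MintMonitor:
    """Latching breaker: trips on repeated mints by one address or on
    rapid supply growth inside a sliding time window."""
    def __init__(self, supply: int, window_s: int = 600,
                 max_mints_per_addr: int = 5, max_growth: float = 1.5):
        self.supply, self.window_s = supply, window_s
        self.max_mints_per_addr, self.max_growth = max_mints_per_addr, max_growth
        self.window: deque = deque()
        self.paused_reason: Optional[str] = None

    def observe(self, ev: MintEvent) -> Optional[str]:
        if self.paused_reason:          # once tripped, stay paused
            return self.paused_reason
        # Drop events that have aged out of the window.
        while self.window and ev.timestamp - self.window[0].timestamp > self.window_s:
            self.window.popleft()
        self.window.append(ev)
        self.supply += ev.amount
        minted = sum(e.amount for e in self.window)
        baseline = max(self.supply - minted, 1)  # supply before the window; avoid /0
        count = sum(1 for e in self.window if e.minter == ev.minter)
        growth = self.supply / baseline
        if count > self.max_mints_per_addr:
            self.paused_reason = f"repeat-mint: {ev.minter} minted {count}x in window"
        elif growth > self.max_growth:
            self.paused_reason = f"supply-growth: x{growth:.2f} in window"
        return self.paused_reason

def first_trip(events, **kwargs):
    """Return (index, reason) for the first event that trips the breaker, else None."""
    monitor = MintMonitor(**kwargs)
    for i, ev in enumerate(events):
        reason = monitor.observe(ev)
        if reason:
            return i, reason
    return None

# Constructed sample data: five ordinary mints, then 22 escalating mints by one address.
NORMAL = [MintEvent(t, f"0xuser{t // 300}", 500) for t in range(0, 1500, 300)]
BURST = [MintEvent(2000 + 12 * i, "0xrepeat", 1000 * 2 ** i) for i in range(22)]
```

With these constructed thresholds the breaker trips on the sixth repeated mint, well before the 22nd; in production the returned reason would drive an alert or a call to the contract's pause mechanism.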
What to Watch
Investors should monitor the outcome of the bounty negotiation. If the attacker accepts the 10% offer, approximately $2.4 million could be returned to the protocol. Additionally, the release of the post-mortem report from CertiK and SlowMist will be critical in determining whether similar vulnerabilities exist in other Solv vaults.