The Double-Mint Disaster: How a 2.7 Million Dollar Reentrancy Attack Pierced the Solv Protocol
The Solv protocol, operating atop the Bitcoin blockchain, has endured a devastating smart contract attack. A malefactor exploited a critical aberration within the token minting logic, successfully exfiltrating assets valued at approximately 2.7 million dollars.
Solv functions as a reserve protocol. A patron may exchange Bitcoin for SolvBTC tokens, subsequently mobilizing these assets across disparate blockchains for staking, lending, and borrowing endeavors. In March 2026, a critical vulnerability was unearthed within the BRO repository. A structural flaw entrenched within the smart contract empowered the assailant to mint tokens redundantly.
This anomaly resided within the BitcoinReserveOffering contract. The architects inadvertently permitted a catastrophic double-minting error. Upon the deposit of an ERC-3525 standard NFT, the contract minted new tokens. During that same deposit, an auxiliary invocation of the NFT processing function transpired, thereby triggering the minting sequence anew.
The genesis of this vulnerability lies deep within the architecture of the ERC-3525 standard. As this format is erected upon the ERC-721 foundation, the safe transfer of a token to a contract inherently requires that the receiving contract's specialized NFT receipt function be invoked. The repository’s contract initially ingested the token via the doSafeTransferIn function, subsequently minting new BRO tokens. Immediately thereafter, the onERC721Received function triggered autonomously, initiating the minting sequence a second time. This secondary minting culminated prior to the resolution of the inaugural sequence. Such a sinister choreography is universally recognized as a reentrancy attack.
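The pattern described above, reduced to a hypothetical vault beside one hardened form in which the receipt callback never mints. This is an added example, not Solv's code: ISafeNFT, VaultBase, deposit, shares and the mint rate are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified model of the double-mint pattern; not the Solv contracts.
interface ISafeNFT {
    // Assumed to call onERC721Received on `to` before returning, as a safe transfer does.
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

abstract contract VaultBase {
    ISafeNFT public immutable nft;
    mapping(address => uint256) public shares;        // stand-in for the minted share token
    uint256 internal constant SHARES_PER_NFT = 1e18;  // constructed rate
    constructor(ISafeNFT nft_) { nft = nft_; }
    function _mint(address to) internal { shares[to] += SHARES_PER_NFT; }
}

// Vulnerable: a single deposit reaches _mint twice.
contract VulnerableVault is VaultBase {
    constructor(ISafeNFT nft_) VaultBase(nft_) {}
    function deposit(uint256 tokenId) external {
        nft.safeTransferFrom(msg.sender, address(this), tokenId); // runs the callback below
        _mint(msg.sender);                                        // mints again after the transfer returns
    }
    function onERC721Received(address, address from, uint256, bytes calldata) external returns (bytes4) {
        require(msg.sender == address(nft), "unknown token");
        _mint(from);                                              // mints inside the callback, before deposit() finishes
        return this.onERC721Received.selector;
    }
}

// Hardened: the callback only acknowledges receipt during a deposit; deposit() mints once.
contract HardenedVault is VaultBase {
    bool private depositing;
    constructor(ISafeNFT nft_) VaultBase(nft_) {}
    function deposit(uint256 tokenId) external {
        require(!depositing, "reentrant deposit");
        depositing = true;
        nft.safeTransferFrom(msg.sender, address(this), tokenId);
        depositing = false;
        _mint(msg.sender);                                        // the only mint path
    }
    function onERC721Received(address, address, uint256, bytes calldata) external view returns (bytes4) {
        require(msg.sender == address(nft) && depositing, "direct transfers not accepted");
        return this.onERC721Received.selector;
    }
}
```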
The malefactor flawlessly replicated this illicit operation twenty-two times. Consequently, a mere 135 BRO tokens were transmuted into an astonishing 567 million BRO. The assailant subsequently liquidated these tokens for 38 SolvBTC. Given that the valuation of SolvBTC is inextricably pegged to Bitcoin at a 1:1 ratio, the aggregate extraction soared to approximately 2.7 million dollars.
The Solv vanguard reported that this incursion afflicted fewer than ten patrons. The vulnerability remains strictly isolated within a singular repository; the remainder of the protocol’s constituency remains utterly unscathed. The architects have solemnly pledged to comprehensively restitute the aggrieved parties and have extended a 10% white-hat bounty to the assailant, contingent upon the repatriation of the purloined residual funds.
This narrative sharply illuminates an archaic tribulation plaguing decentralized finance. Reentrancy attacks are profoundly well-documented; however, they manifest in a kaleidoscope of forms, frequently germinating from the labyrinthine interplay between disparate token standards and smart contracts. In the Solv crucible, a defining idiosyncrasy of the ERC-3525 standard—which concurrently operates as an ERC-721 NFT—played the decisive role. This specific amalgamation inadvertently paved an unforeseen avenue for the redundant execution of code and the illicit forging of tokens.