VERSE PRESS

Crypto News, Global First.

Solv Protocol Loses $2.7M to Smart Contract Exploit Targeting Bitcoin Yield Vault

A logic flaw in a single contract allowed an attacker to manufacture hundreds of millions of tokens from almost nothing. The incident is a fresh blow to a protocol that has been actively recruiting users across Africa, South Asia, and the Middle East.


Solv Protocol, a Bitcoin-focused decentralized finance platform, confirmed on March 5, 2026 that an attacker had drained approximately $2.7 million from one of its Bitcoin Reserve Offering (BRO) vaults. The breach exploited a double-minting flaw in a smart contract, allowing the attacker to create tokens far in excess of any legitimate deposit. Fewer than ten users were directly affected, according to Solv, and all other vaults on the platform were reported to be secure.

Security firm Decurity, whose automated monitoring bot detected the attack, described the mechanics in detail. The attacker called the vulnerable BitcoinReserveOffering contract 22 times in succession, converting 135 BRO tokens into approximately 567 million BRO tokens. A double-minting flaw is a contract-level logic error that allows a single input to generate multiple outputs; in this case, each repeated call issued new tokens without a corresponding deposit. The attacker then exchanged the inflated token balance for 38.0474 SolvBTC, a wrapped Bitcoin token issued by Solv itself, worth about $2.7 million at the time.
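The supply-versus-backing invariant that a monitoring bot can replay over mint and deposit events to catch this class of flaw, shown as an added example that is not code from Solv, Decurity, or the original article. The event format, the 1:1 mint rate, the per-call doubling, and the sender label are constructed assumptions; only the 135-token starting balance and the 22 calls come from the article.

```python
from dataclasses import dataclass

@dataclass
class Event:
    tx: str      # transaction label (constructed)
    sender: str  # caller label (constructed)
    kind: str    # "deposit" or "mint"
    amount: int  # whole token units, assumed 1:1 mint rate

def check_backing(events, max_mints_per_sender=5):
    """Replay events and alert when supply exceeds deposited backing."""
    backing = supply = 0
    mints = {}
    alerts = []
    for ev in events:
        if ev.kind == "deposit":
            backing += ev.amount
            continue
        supply += ev.amount
        mints[ev.sender] = mints.get(ev.sender, 0) + 1
        if supply > backing:
            # Tokens exist that no deposit accounts for.
            alerts.append({"tx": ev.tx, "reason": "unbacked_mint",
                           "unbacked": supply - backing})
        if mints[ev.sender] == max_mints_per_sender + 1:
            # Fire once when a caller crosses the repeat threshold.
            alerts.append({"tx": ev.tx, "reason": "repeated_mint_calls",
                           "unbacked": max(supply - backing, 0)})
    return alerts, supply, backing

def constructed_trace():
    """One legitimate deposit and mint, then 22 mints with no deposit."""
    who = "0xSAMPLE"
    events = [Event("tx0", who, "deposit", 135), Event("tx0", who, "mint", 135)]
    balance = 135
    for i in range(1, 23):
        events.append(Event(f"tx{i}", who, "mint", balance))  # no deposit
        balance *= 2  # constructed growth, not the real per-call amounts
    return events

if __name__ == "__main__":
    alerts, supply, backing = check_backing(constructed_trace())
    print(f"supply={supply} backing={backing} alerts={len(alerts)}")
    print("first alert:", alerts[0])
```

Run against the constructed trace, the invariant breaks on the first undeposited mint, long before the balance reaches hundreds of millions of tokens.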

Solv confirmed it would cover all losses from the incident. In a post on X, the team described it as a "limited exploit" and stated that it was "actively investigating with top security partners," naming Hypernative Labs, SlowMist, and CertiK. The protocol has also offered the attacker a 10% white hat bounty to return the stolen funds voluntarily. A white hat bounty is a standard industry mechanism that offers a portion of stolen funds as an incentive for voluntary return.

The exploit raises questions about audit coverage. Solv has previously commissioned security reviews from five separate firms: Quantstamp, CertiK, SlowMist, Salus, and Secbit. Despite that history, the flaw in the BRO vault contract was not caught before deployment. Security researchers have noted a broader pattern in DeFi: general protocol audits do not always extend to newer or auxiliary contracts added after initial review. According to Halborn's 2025 DeFi Hacks Report, the industry lost $2.9 billion across 200 protocol exploits last year alone, with logic errors and flawed minting mechanisms appearing repeatedly among major incidents. The report cites comparable examples including the $223 million Cetus Protocol hack and the $42 million GMX V1 exploit.

The breach carries particular weight in markets Solv has been actively targeting. In April 2025, Solv launched SolvBTC.CORE, a Shariah-compliant Bitcoin yield product developed in partnership with Nawa Finance and certified by Amanie Advisors. The product was pitched directly to retail and institutional investors in Saudi Arabia, the UAE, Pakistan, Nigeria, Indonesia, and Malaysia. Shaqir Hashim, a core contributor at Nawa Finance, stated at the time: "BTC is the most widely held asset in markets like Saudi Arabia, the UAE, Pakistan, Nigeria, Indonesia, and Malaysia." An exploit hitting the same platform creates a significant credibility problem in precisely the regions Solv has invested in most heavily.

Sub-Saharan Africa's DeFi participation has grown sharply, with the region processing more than $30 billion in on-chain value annually, according to Chainalysis. Bitcoin accounts for 89% of retail crypto transaction value in Nigeria and 74% in South Africa, also according to Chainalysis. South Asia saw crypto adoption grow by 80% in the first half of 2025, the fastest rate of any region globally. In markets where consumer protection frameworks for digital assets are limited or absent, a smart contract exploit on a Bitcoin yield platform carries a heavier practical cost than in more regulated jurisdictions. Users who lose funds in such incidents typically have access to fewer formal avenues for recourse than those operating in heavily regulated financial markets.

The protocol's token metrics add further pressure to the situation. SOLV, the governance token for Solv Protocol, was trading at approximately $0.004 on March 6, 2026, with a market capitalization of roughly $5.9 million and a 24-hour trading volume of about $8.27 million, according to CoinGecko. A token unlock releasing approximately 189.68 million SOLV tokens (valued around $760,000) is scheduled for March 17, less than two weeks after the exploit announcement. That unlock could add sell pressure at an already sensitive moment for the protocol.

Solv holds between $2.5 billion and $2.7 billion in total value locked across its products, with roughly 24,000 to 26,000 BTC staked by more than 537,000 users globally; some estimates place that figure closer to 590,000. The $2.7 million drained from the BRO vault represents less than 0.1% of the protocol's reported TVL. How quickly the protocol publishes a detailed post-mortem and what concrete changes it makes to its pre-deployment security process will be closely watched, particularly in the emerging markets it has been recruiting most aggressively.

The March 2026 exploit is not the first incident to test Solv's credibility. In January 2025, the protocol's X account was compromised and used to spread false information about a token contract address. That same month, analyst Hanzhi Liu published allegations that Solv had artificially inflated its TVL figures. The protocol disputed those claims, characterising them as a "coordinated smear campaign." Both episodes form part of the record that users and institutional partners will weigh as they assess the protocol's security posture and transparency in the months ahead.