Solv is a reserve protocol on the Bitcoin blockchain that lets users exchange BTC for SolvBTC, so that the underlying holdings can be used on other chains for staking, lending, and borrowing. In March 2026, the protocol suffered a smart contract exploit that resulted in approximately $2.7 million in losses.
Inside the Attack
The Solv hack targeted its BRO vault and exploited a minting vulnerability in the vault’s smart contract. The BitcoinReserveOffering (BRO) contract contained a double-minting flaw, where a deposit of an ERC-3525 NFT caused excess tokens to be minted. The contract’s doSafeTransferIn call triggers the onERC721Received receiver callback, allowing reentry into the contract.
The attacker took advantage of the fact that ERC-3525 is built on top of ERC-721, which mandates calling the receiver callback function during safe transfers. When the vault calls doSafeTransferIn to ingest the ERC-3525 token, the deposit triggers a mint, and the same transfer also triggers onERC721Received, which mints tokens as well. Because this second mint completes before the first, this is a classic reentrancy exploit.
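The double-mint shape described above, next to a hardened variant, as an added Solidity sketch. It is not the BRO contract's source: the contract names, the ISft interface, the shares mapping and crediting the token's ERC-3525 value are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration with hypothetical names; not the BRO contract's source.
// ISft lists only the two standard functions this sketch needs.
interface ISft {
    function safeTransferFrom(address from, address to, uint256 tokenId) external; // ERC-721
    function balanceOf(uint256 tokenId) external view returns (uint256); // ERC-3525 value
}

// Flawed shape: one deposit is credited in the hook and again after the transfer.
contract DoubleMintVault {
    ISft public immutable sft;
    mapping(address => uint256) public shares; // assumed stand-in for minted vault tokens
    constructor(ISft sft_) { sft = sft_; }
    function deposit(uint256 tokenId) external {
        sft.safeTransferFrom(msg.sender, address(this), tokenId); // runs the hook below
        shares[msg.sender] += sft.balanceOf(tokenId);              // mint #2
    }

    function onERC721Received(address, address from, uint256 tokenId, bytes calldata)
        external returns (bytes4)
    {
        shares[from] += sft.balanceOf(tokenId);                    // mint #1, mid-transfer
        return this.onERC721Received.selector;
    }
}

// Hardened shape: a single mint site; the hook only acknowledges an expected transfer.
contract SingleMintVault {
    ISft public immutable sft;
    mapping(address => uint256) public shares;
    bool private pulling; // true only while deposit() is pulling a token in
    constructor(ISft sft_) { sft = sft_; }
    function deposit(uint256 tokenId) external {
        require(!pulling, "reentrant deposit");
        pulling = true;
        sft.safeTransferFrom(msg.sender, address(this), tokenId);
        pulling = false;
        shares[msg.sender] += sft.balanceOf(tokenId);              // the only mint
    }

    function onERC721Received(address, address, uint256, bytes calldata)
        external view returns (bytes4)
    {
        // No accounting here: reject unknown collections and unsolicited transfers.
        require(msg.sender == address(sft) && pulling, "unexpected transfer");
        return this.onERC721Received.selector;
    }
}
```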
The attacker triggered this vulnerability 22 times, allowing them to convert 135 BRO into approximately 567 million BRO tokens. These were then swapped for approximately 38 SolvBTC, which — due to their 1:1 exchange rate — was worth approximately $2.7 million at the time of the hack.
According to the Solv Protocol team, fewer than 10 users were impacted by the attack, which was limited to a single vault and didn’t affect other users. The project promised to fully compensate affected parties and offered a 10% white hat bounty to the attacker in exchange for the return of the rest of the funds.
Lessons Learned from the Attack
Reentrancy vulnerabilities are a well-known attack vector in the DeFi space; however, they come in a variety of forms. This can make them more difficult to identify and address in smart contract code, since it might not be as simple as looking for the “Checks-Effects-Interactions” pattern within a single function. In this case, the fact that ERC-3525 tokens are also treated as ERC-721 tokens enabled the exploit.
Managing these types of security risks requires careful review as well as deep knowledge of how various blockchains and token standards operate. Halborn’s smart contract reviews are performed by auditors with deep understanding of these protocols and experience in looking for these types of unexpected code paths and logic flaws. Get in touch to find out more.
