Crypto security researchers say the hacker exploited a bug that allowed them to mint the tokens before exchanging the freely earned tokens for another Bitcoin.
Bitcoin-based decentralized financial platform Solv Protocol says one of its token vaults was used for $2.7 million and offered the attacker a 10% reward in return for the stolen funds.
Solv said in an X message on Thursday that less than 10 of its users were affected, but that it was covering the loss of 38.05 Solv Protocol BTC (SolvBTC), a token linked to Bitcoin (BTC).
The project added that it is taking steps to prevent the same attack from happening again, and is investigating the exploit with crypto security companies Hypernative Labs, SlowMist and CertiK.
Solv allows users to stake Bitcoin for Solv Protocol BTC, which they can then use to lend, borrow or contribute to other blockchains. The project has 24,226 Bitcoins worth more than $1.7 billion and claims to be the largest Bitcoin reserve.
Solv has not confirmed how the exploit occurred, but two crypto security researchers attributed it to a vulnerability in one of Solv’s smart contracts that allowed a hacker to over-coin a token used in the protocol.
related to: The former director of Mt. Gox floats fork to recover 80k hacked bitcoins
CD Security founder Chris Dior said the hacker exploited the vulnerability 22 times before exchanging hundreds of millions of tokens for 38 SolvBTC.
The crypto researcher who goes by the pseudonym “Pyro” described the exploit as a replay attack where unsuspecting inputs expose loopholes in smart contracts, a common attack that has plagued numerous DeFi protocols for years.
Solv shared the address of the Ethereum wallet in their post to encourage the hacker to receive a 10% reward.
However, according to Ethereum blockchain researcher Etherscan, the hacker has yet to send the chain message to the address.
Magazine: Bitcoin may face difficulties in any attempt to freeze Satoshi coins
