{"id":140667,"date":"2026-03-09T09:05:53","date_gmt":"2026-03-09T09:05:53","guid":{"rendered":"https:\/\/mycryptomania.com\/?p=140667"},"modified":"2026-03-09T09:05:53","modified_gmt":"2026-03-09T09:05:53","slug":"solv-protocol-2-5m-exploit-double-mint-bug","status":"publish","type":"post","link":"https:\/\/mycryptomania.com\/?p=140667","title":{"rendered":"Solv Protocol $2.5M Exploit: Double Mint Bug"},"content":{"rendered":"

The Solv Protocol exploit<\/strong> resulted in approximately $2.5M in losses<\/strong> after an attacker exploited a logic flaw in the BitcoinReserveOffering contract<\/strong>. The vulnerability allowed the attacker to mint BRO tokens twice during a single mint flow<\/strong>, leading to massive token inflation.<\/p>\n

The issue stemmed from an interaction between the NFT transfer process and the <\/strong>onERC721Received callback<\/strong>. By triggering token minting inside the callback and then receiving another mint when execution returned to the main mint() function, the attacker was able to create unbacked BRO\u00a0tokens<\/strong>.<\/p>\n

How the Exploit Happened?<\/h3>\n

The attacker began with 135 BRO tokens<\/strong>, which were burned through the reserve contract. In return, the protocol issued a small amount of GOEFS tokens<\/strong> based on the current exchange\u00a0rate.<\/p>\n

Using these tokens, the attacker initiated a mint transaction<\/strong>, sending GOEFS tokens along with a specific NFT. When the NFT was transferred, the contract triggered the onERC721Received callback<\/strong>, which internally executed the _mint function and issued BRO tokens to the attacker.<\/p>\n

However, after the callback finished, the contract returned to the original mint() function and minted tokens again for the same action<\/strong>. This unintended behavior resulted in double\u00a0minting<\/strong>.<\/p>\n

Token Inflation in a Single Transaction<\/h3>\n

The attacker repeatedly triggered this mint flow 22 times within a single transaction<\/strong>. Because the entire exploit occurred in one transaction, the exchange rate remained constant<\/strong>, allowing the attacker to repeatedly double the minted\u00a0tokens.<\/p>\n

Through this process, the attacker inflated their holdings from 135 BRO tokens to approximately 567 million BRO\u00a0tokens<\/strong>.<\/p>\n

Converting the Exploit Into\u00a0Profit<\/h3>\n

Once the tokens were minted, the attacker converted part of the inflated supply into real assets. Around 165M BRO tokens<\/strong> were swapped through the BRO\u2013SolvBTC exchange<\/strong>, and then routed through Uniswap V3<\/strong>, eventually converting the assets into 1211\u00a0ETH<\/strong>.<\/p>\n

The remaining tokens remained in the attacker\u2019s wallet.<\/p>\n

Following the swaps, the extracted ETH was transferred to multiple attacker-controlled wallets and eventually deposited into RailGun<\/strong>, a privacy protocol used to obscure transaction trails.<\/p>\n

Want to see the full technical breakdown, attack flow diagrams and on-chain analysis?<\/strong>Read our detailed blog: Solv Protocol Exploit (Explained in\u00a0Depth)<\/strong><\/a><\/p>\n

Root Cause<\/h3>\n

The exploit was caused by a logic flaw in the minting\u00a0flow<\/strong>.<\/p>\n

During NFT transfers, the contract triggered a callback (onERC721Received) that already executed a mint. When execution returned to the mint() function, the contract minted tokens again without validating whether minting had already occurred<\/strong>.<\/p>\n

This lack of validation allowed the attacker to repeatedly mint tokens and inflate supply within a single transaction.<\/p>\n

Why This\u00a0Matters?<\/h3>\n

The Solv Protocol exploit highlights how small logic flaws in smart contract flows can lead to catastrophic token inflation<\/strong>. Improper handling of external calls, callbacks, and state updates<\/strong> can introduce subtle vulnerabilities that attackers can exploit at\u00a0scale.<\/p>\n

Solv Protocol $2.5M Exploit: Double Mint Bug<\/a> was originally published in Coinmonks<\/a> on Medium, where people are continuing the conversation by highlighting and responding to this story.<\/p>","protected":false},"excerpt":{"rendered":"

The Solv Protocol exploit resulted in approximately $2.5M in losses after an attacker exploited a logic flaw in the BitcoinReserveOffering contract. The vulnerability allowed the attacker to mint BRO tokens twice during a single mint flow, leading to massive token inflation. The issue stemmed from an interaction between the NFT transfer process and the onERC721Received […]<\/p>\n","protected":false},"author":0,"featured_media":140668,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-140667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-interesting"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/140667"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=140667"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/140667\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/media\/140668"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=140667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=140667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=140667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}