
Solv Protocol's $2.7M ERC-3525 Reentrancy: How Semi-Fungible Tokens Created a Double-Minting Loophole
On March 5, 2026, an attacker turned 135 BRO tokens into 567 million — a 4.2-million-x inflation — by exploiting a reentrancy flaw in Solv Protocol's BitcoinReserveOffering vault. The haul: 38 SolvBTC worth approximately $2.7 million, laundered through RailGun within hours.

The exploit wasn't novel. Reentrancy has been draining DeFi since The DAO in 2016. What makes this case a masterclass in security failure is where the reentrancy lived: in the interaction between ERC-3525's semi-fungible token standard and ERC-721's mandatory callback mechanism — a blind spot that no auditor caught because the contract was never audited at all.

ERC-3525: The Standard Most Developers Don't Understand

Before dissecting the exploit, you need to understand what ERC-3525 actually does.

ERC-3525 is a semi-fungible token (SFT) standard. Unlike ERC-721 (unique NFTs) or ERC-20 (identical fungible tokens), ERC-3525 tokens have three dimensions:

Token ID (like ERC-721): Each token is uniquely identifiable
Valu
Continue reading on Dev.to

