Post-Incident Review: BRO Vault Incident and Strengthened Security Commitments

On March 5, 2026, Solv Protocol identified and contained a limited exploit affecting a single BRO Vault (Bitcoin Reserve Offering) deployment. This blog post provides a factual review of the incident, the actions taken in response, and the process improvements that have been implemented going forward.

Solv Protocol remains fully committed to transparency, accountability, and institutional-grade security. While the incident was limited in scope, we take any security event seriously and believe it is important to communicate both the facts and the corrective actions clearly.

Incident Overview

The incident involved a single BRO Vault and resulted in a loss of approximately 38.0474 SolvBTC, equivalent to around $2.7 million at the time of the exploit.

BRO was a standalone, one-time vault deployment created in connection with the Solv Token listing. It was a limited-scope, non-public deployment and was not part of Solv Protocol’s standard product suite. The affected vault reused code from existing product modules, but it was not itself a core or ongoing Solv product.

No other Solv products, vaults, public-access offerings, or user funds were affected. All other assets, systems, and protocol operations continued to function normally throughout.

Scope of Impact

The impact of the incident was strictly limited to this single BRO Vault deployment and affected a total of two participants associated with that vault.

It is important to reiterate that this event did not extend beyond the isolated BRO structure. Solv Protocol’s broader product stack, including its public-access offerings and other vault infrastructure, was not impacted in any way.

Recovery and Compensation

Separately, Solv Protocol moved promptly to protect affected participants from loss. As of March 9, 2026, 100% of the losses associated with the incident had been fully compensated. All affected users were made whole in full.

Review Findings

Following an internal review, we determined that the BRO Vault had not been subject to the same level of operational process and security rigor that applies across Solv Protocol’s established products.

Although the deployment was limited in scope and non-public in nature, the incident made clear that any exception in process, even for a one-time implementation, can create unnecessary risk. That finding has informed the standardization measures now being adopted across all product deployments without exception.

Process Standardization Going Forward

Effective immediately, every smart contract deployed under the Solv ecosystem, including one-time, limited-scope, or non-public deployments, will be required to undergo external audit review by reputable security firms prior to launch.

In addition, Solv Protocol is reinforcing its internal change management standards. Any product-level change that affects security assumptions, alters the original security boundary, or introduces non-standard implementation risk will now be subject to stricter review, approval controls, and formal risk assessment before deployment.

These changes are intended to ensure that all deployments, regardless of access model or scope, are held to a consistent security standard.

Our Commitment

This incident has reinforced the importance of disciplined security processes, rigorous deployment standards, and rapid response readiness across the entire Solv ecosystem.

Solv Protocol remains committed to continuous improvement in security, transparency in incident handling, and accountability to partners and users. We appreciate the continued trust and support of our partners and community, and we remain focused on strengthening the resilience and safety of the ecosystem over time.

Conclusion

The BRO Vault incident was limited to a single non-public, limited-scope deployment. It did not affect Solv Protocol’s broader products or public-access offerings, and all impacted users have been fully compensated.

Our focus now is on ensuring that the lessons from this incident are fully embedded into our operating standards. Security is not only a technical requirement, but an organizational discipline, and we are committed to applying that discipline consistently across every deployment.

Solv Protocol Team