BitOK publishes analysis of fund flows following the Solv Protocol exploit

This publication is provided by the client. The text below is a paid press release that is not part of Cointelegraph.com independent editorial content. The text has undergone editorial review to ensure quality and relevance, it may not reflect the views and opinions of Cointelegraph.com. Readers are encouraged to conduct their own research before taking any actions related to the company. Disclosure.

BitOK’s team conducted a full reconstruction of the incident — from the smart contract vulnerability to the final point of the attacker’s fund flow

March 20, 2026 – BitOK, an AML solutions platform for the cryptocurrency market, has published an investigation into the Solv Protocol hack that took place on March 5, 2026. During the attack, 38.0474 SolvBTC — approximately $2.73 million — was withdrawn from the protocol.

Unlike previously published analyses focused on the technical vulnerability, BitOK’s investigation covers the full lifecycle of the incident: from the logic flaw in the smart contract to the operation carried out to conceal the stolen funds. Particular attention is given to the attacker’s behavior after the theft — a phase that rarely receives detailed analysis.

The BitOK team established the following:

The attack was built on a double-accounting bug in the BitcoinReserveOffering (BRO) contract. A callback function and the contract’s main execution flow independently issued tokens for the same deposit, allowing the attacker to artificially inflate a balance to ~567 million BRO within a single transaction. The actual loss amounted to 38.0474 SolvBTC — the portion of the inflated balance that was successfully converted into liquid assets.

Following the theft, the attacker carried out a systematic concealment operation: converting assets through a chain of SolvBTC to WBTC to WETH, distributing funds across intermediary addresses, and attempting to enter RailGun — a privacy protocol based on zero-knowledge proofs. RailGun’s built-in KYT/AML filters autonomously rejected the transaction and returned the funds. The attacker then redistributed the assets and directed them into Tornado Cash.

“This case is notable not for the size of the loss, but for how clearly it separates two distinct operations: a technical exploit and a financial concealment operation. The second phase gives an analyst no less information than the vulnerability itself,” the BitOK team noted.

The RailGun incident deserves particular attention: the protocol blocked the transaction autonomously, without the involvement of law enforcement or exchange compliance procedures. In BitOK’s view, this reframes the role privacy protocols can play in the industry’s compliance infrastructure.

The full investigation — including a detailed breakdown of the attack mechanics, a fund flow diagram, and a behavioral profile of the attacker — is available on the BitOK website.

About BitOK

BitOK is an AML solutions platform for the cryptocurrency market, operating since 2016. The company serves traders, exchanges, and banks worldwide, helping them ensure transaction transparency, meet regulatory requirements, and protect against fraud — around the clock. The platform is built on advanced data analytics and artificial intelligence, delivering high-quality transaction monitoring at scale. BitOK’s product lineup covers the full compliance spectrum: KYT solutions for businesses, investigation tools, AML reports, personal asset tracking, and international AML training. BitOK operates as the bridge between the crypto industry and traditional financial institutions — proving that transparency and compliance are not barriers, but the foundation of a civilized crypto market.

Official website: bitok.org