Solana-Based Yield Protocol, Nirvana Finance, Suffered a $3.5 Million Exploit Through Flash Loans
- Nirvana investors enjoyed annual percentage yields (APY) of more than 100 percent on their locked tokens.
Data from blockchain security firm, PeckShield, reveals that hackers exploited a Solana-based DeFi (Decentralized Finance) protocol, Nirvana, through flash loans and siphoned ANA tokens worth $3.5 million. In the last few hours after the attack, the price of the protocol’s governance token (ANA) has dropped by more than 80 percent.
According to our data, Nirvana’s stablecoin (NIRV) has lost its status quo and currently trades at $0.08.
Worth noting, Nirvana investors enjoyed annual percentage yields (APY) of more than 100 percent on their locked tokens. This was possible because the protocol was minting and destroying ANA tokens based on the volume of the token’s transactions on the protocol. Before the exploit, users had locked more than $3.5 million and tokens on the protocol.
Nirvana; a Victim of its Success
Most of the exploits on DeFi protocols have been through flash loans. It is the most popular method hackers use to access funds on most DeFi systems. In June, Inverse Finance lost $1.2 million in digital assets through a flash loan hack. Also, through the same method, Beanstalk stablecoin protocol lost $182 million to hackers in April.
Through this loan system, traders can use smart contracts to access unsecured funds from lenders. Thus, enabling them to bypass third parties before they can access loans. Collateral or any third party isn’t necessary for such loans. The contract will only mark the transaction as complete when the borrower completes repayment to the lender.
Thus, if a borrower defaults on a flash loan, the smart contract will cancel the transaction automatically and refund the lender. Blockchain explorer data shows that hackers sourced a 10 million USDC flash loan from Solend (a Solana lending tool).
They used all the loans to mint or create ANA tokens. Then, they used Nirvana’s treasury wallet to swap the ANA tokens for $3.5 million worth of USDT. Unknown to the treasury, the 10 million worth of USDC deposit wasn’t genuine. Hence, it fell for the trick and released liquidity from its treasury.
DeFi Llama data showed that the hackers drained all of Nirvana’s liquidity pool. Thus, its total value dropped to $0.0069 during this morning’s European trading session. After the exploit, the hackers refunded 10 million USDC back to Solend. They used Wormhole bridge to transfer the stolen funds to the Ethereum network.
Then, they swapped the stolen funds to the Ethereum-built stablecoin, DAI. The famous Wormhole bridge is the link between Solana and other networks for fund swapping. Blockchain data shows that the hacker still retains the $3.5 million worth of DAI in their wallet address.
The messages on Nirvana’s telegram channel by its admins show that crypto firms have paused the protocol’s trading functions on their platforms. Nirvana hasn’t issued any official statement regarding the exploit. Also, it hasn’t responded to any media queries over the incident.
Rebecca is a Senior Staff Writer at BitcoinWisdom, working hard to bring you the latest breaking news in the cryptocurrency market. In the words of Elon Musk “Buy stock in several companies that make products & services that *you* believe in. Only sell if you think their products & services are trending worse. Don’t panic when the market does. This will serve you well in the long-term.”
