- Nirvana DeFi protocol drained following flash loan attack.
- Nirvana’s native currency, ANA, somersaults approximately 80%, hours after the attack.
Data showed that Nirvana has been manipulated and its liquidity pool worth approximately $3.5 million were drained via a flash loan exploit. After this attack, the protocol’s native currency ANA token experienced a sharp decline of over 80% hours later, and its stablecoin (NIRV) got unpegged from USD.
Nirvana is a Solana-based DeFi protocol that offers an investment gateway for funds storage. Its native token is ANA and the protocol features bounded risk which utilizes partial collateralization, diversified stablecoin reserves for ultra-low-risk backing value, a call-option incentive system for renewable yield, and true protocol-owned liquidity, among others.
Before the attack on Thursday, 28th July 2022, the protocol had locked assets of over $10 million ANA tokens, worth approximately $3.5 million. According to CoinGecko, the Nirvana DeFi protocol allows annual yields of over 100% on locked assets; as the ANA tokens are bought from and sold to the protocol, it creates and burns tokens per the user demand.
Attackers can leverage flash loans to exploit decentralized finance (DeFi) platforms. A flash loan attack is the manipulation of a platform’s smart contract security whereby an attacker borrows large sums with no collateral, then influences the price of a cryptocurrency in one market before immediately selling it in another.
The loan process uses a smart contract rather than third parties; no collateral is required. However, the transaction is signed as completed by the smart contract when the borrower repays the loans. When a borrower defaults, the smart contract cancels the transaction, and the money is reversed to the lender.
In the case of an attack, the process is often quick, and the attacker can move funds many times before finally disappearing and leaving no trace.
Via flash loans, the attack on Nirvana used almost 10 million USDC from the lending platform Solend as seen in the data from blockchain explorers. At that time, more than $10 million in ANA had been created, and the attacker had exchanged the total amount from Nirvana’s treasury wallet for $3.5 million in USDT. The network completed the transaction process because the treasury recognized the 10 million USDC infusion to be accurate when it wasn’t, which led to the protocol being manipulated into making available its treasury’s liquidity.
Data from DeFi Llama reveals that the total value locked (TVL) on Nirvana protocol declined to 7 cents, and its entire liquidity pool drained following the attack.
Meanwhile, after the attack, as shown by Blockchain data, the 10 million USDC was returned to Solend. The stolen funds were swapped to the Ethereum network using a blockchain tool (wormhole) that connects Solana to other networks. The hacker converted the funds to DAI, an Ethereum-based stablecoin.
Blockchain data shows that the Nirvana protocol attacker address – 0xB9AE2624Ab08661F010185d72Dd506E199E67C09 – currently has more than $3.5 million worth of DAI.
A similar attack to Nirvana was reported in April on the Beanstalk stablecoin protocol, which had $182 million drained from the protocol, and recently over $1.2 million was exploited from Inverse Finance.
At the time of writing, Nirvana had not responded to requests for comments. The protocol developers suspended trading functions following messages by admins on its Telegram channel.
What do you think about this article? Let us know in the comments.