Blockchain data reveals that Nirvana Finance, a yield protocol based in Solana, experienced a $3.5 million hack using flash loans to manipulate and deplete its liquidity pools.
According to CoinGecko data, the price of the native ANA token for the protocol collapsed by over 80% in the most recent few hours, while the NIRV stablecoin lost its peg to the US dollar and sank to 8 cents at the time of writing.
As ANA tokens were purchased from and sold to the protocol, Nirvana allowed users to generate annual yields of over 100% on their locked assets by producing and destroying tokens based on user demand. Before the hack on Thursday, ANA worth more than $3.5 million was locked on the protocol. Attackers frequently use flash loans to obtain the funds necessary to carry out exploits on decentralized finance (DeFi) platforms. The Beanstalk stablecoin protocol lost $182 million in April, and Inverse Finance lost more than $1.2 million last month.
Using smart contracts in place of intermediaries, the loans enable merchants to obtain unsecured loans from lenders. Since the contract only deems the transaction to be complete when the borrower pays the lender, no collateral is needed. This indicates that if a borrower defaults on a flash loan, the smart contract will halt the transaction and repay the lender’s money.
The hack used almost 10 million USDC from the lending platform Solend in a flash loan, according to data from blockchain explorers. At that moment, more than $10 million in ANA had been produced, and the entire amount had been exchanged for $3.5 million in tether (USDT) from Nirvana’s treasury wallet.
This was made feasible since the Treasury believed the inflow of 10 million USDC was real. But because it wasn’t, the protocol was duped into releasing the liquidity from its treasury. Following the attack, the total value locked (TVL) on Nirvana dropped to 7 cents in the early morning hours of Europe. Data from DeFi Llama reveals that it effectively has no further liquidity.
After the attack, Nirvana’s value was frozen at 62 cents. The llama DeFi
After the exploit, the 10 million USDC was given back to Solend. Blockchain data reveals that the stolen assets were converted to DAI, an Ethereum-based stablecoin, and transferred to the Ethereum network via Wormhole, a blockchain tool that connects Solana to other networks. Blockchain data reveals that the attacker’s address, 0xB9AE2624Ab08661F010185d72Dd506E199E67C09, presently possesses more than $3.5 million in DAI.
Administrators on the protocol’s Telegram channel have posted messages stating that Nirvana’s trading features have been suspended by developers as a result of the attack.