July 29, 2022 - Solana DeFi Protocol Nirvana Drained of $3.5 million Liquidity After Flash Loan Exploit

Cordalo simplify writing Corda applications.

Nirvana Finance, a Solana-based yield protocol, suffered a $3.5 million exploit utilizing flash loans to manipulate and drain its liquidity pools, blockchain data shows. CoinDesk reports: The price of the protocol’s native ANA token fell over 80% in the past few hours, while its NIRV stablecoin lost its peg to the U.S. dollar and dropped to 8 cents at writing time, CoinGecko data shows. Nirvana allowed users to earn annual yields of over 100% on their locked assets by creating and destroying tokens based on user demand as the ANA tokens were bought from and sold to the protocol. Over $3.5 million worth of ANA was locked on the protocol before the attack on Thursday. Data from blockchain explorers shows the attack used over 10 million USDC sourced from lending tool Solend in a flash loan. At that point over $10 million worth of ANA was minted, or created, and the entire amount swapped to receive $3.5 million worth of tether (USDT) from Nirvana’s treasury wallet. This was possible because the treasury considered the 10 million USDC infusion to be genuine. However, it wasn’t, and the protocol was hence tricked into releasing its treasury’s liquidity. The total value locked (TVL) on Nirvana fell to 7 cents in European morning hours following the attack. Its entire liquidity pool was effectively drained, data from DeFi Llama shows. The 10 million USDC was returned to Solend after the exploit. The stolen funds were transferred to the Ethereum network using Wormhole, a blockchain tool that connects Solana to other networks, and converted to DAI, an Ethereum-based stablecoin, blockchain data shows. The attacker address — 0xB9AE2624Ab08661F010185d72Dd506E199E67C09 — currently holds over $3.5 million worth of DAI, blockchain data shows. Nirvana’s trading functions were suspended by developers following the attack, as per messages by admins on the protocol’s Telegram channel. Source