On Thursday, 28 July 2022, Nirvana finance, an adaptive yield protocol on the Solana blockchain, was exploited for $3.49 million. The effect of this is a staggering -85% crash of the protocol’s native token, ANA. The current price of ANA is $1.28, down from $3.98 24 hours ago.
Here are the details of the flash loan attack.
What is Nirvana Finance?
Nirvana finance is a DeFi protocol that exists on the Solan blockchain. The platform offers the promise of a balanced risk investment with adaptive yield. According to the official Nirvana website, the ANA token transforms risk into reward. ANA’s built-in rising floor price made it an investment “with known maximum downside and an infinite upside.” But why did it fail?
Using Solend, an Algorithmic, decentralized lending and borrowing protocol on Solana, the attacker borrowed $10 million USDC from the Solend main pool vault. The hacker then proceeded to mint $10M worth of ANA using the USDC borrowed from Solend.
The malicious actor later swapped the ANA for USDT and received $3.5M from Nirvana Treasury, making it a total of $13.5M. The attacker repaid the $10M USDC loan he took from Solend and remained with $3.5M
The malicious actor converted the USDT amount to USD Coin (Wormhole from Ethereum) (USDCet), and successfully transferred the funds from the Solana blockchain into an Ethereum account. Shortly afterward, the exploiter converted the USDC to DAI on 1inch DEX. The DAI is sitting in his wallet currently.
The need for more secure systems in blockchain has never been direr. Even with smart contract audits, people still find a way to exploit multi-million dollar DeFi protocols. Many may shun away the thought of regulations as infringing on decentralization, but the truth is these hackers and exploiters need to be held accountable for their actions. However, until that time comes, you are responsible for securing your funds.