Solana DeFi Protocol Nirvana Drained of Liquidity After Flash Loan Exploit
The price of the protocol’s ANA token fell almost 80% following the attack.
Jul 28, 2022 at 11:41 a.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/XJTG7PYRNRDVVD2G3NV54BW2YM.jpg)
Solana-based yield protocol Nirvana Finance suffered a $3.5 million exploit. (Kevin Ku/Unsplash)
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
Nirvana Finance, a Solana-based yield protocol, suffered a $3.5 million exploit utilizing flash loans to manipulate and drain its liquidity pools, blockchain data shows.
The price of the protocol’s native ANA token fell over 80% in the past few hours, while its NIRV stablecoin lost its peg to the U.S. dollar and dropped to 8 cents at writing time, CoinGecko data shows.
Nirvana allowed users to earn annual yields of over 100% on their locked assets by creating and destroying tokens based on user demand as the ANA tokens were bought from and sold to the protocol. Over $3.5 million worth of ANA was locked on the protocol before the attack on Thursday.
Flash loans are a popular way for attackers to gain the funds to conduct exploits on decentralized finance (DeFi) systems. In April, the Beanstalk stablecoin protocol was drained of $182 million, and last month more than $1.2 million was taken from Inverse Finance.
The loans allow traders to borrow unsecured funds from lenders using smart contracts instead of third parties. They do not require any collateral because the contract considers the transaction complete only when the borrower repays the lender. This means a borrower defaulting on a flash loan would cause the smart contract to cancel the transaction and the money would be returned to the lender.
Data from blockchain explorers shows the attack used over 10 million USDC sourced from lending tool Solend in a flash loan. At that point over $10 million worth of ANA was minted, or created, and the entire amount swapped to receive $3.5 million worth of tether (USDT) from Nirvana’s treasury wallet.
This was possible because the treasury considered the 10 million USDC infusion to be genuine. However, it wasn't, and the protocol was hence tricked into releasing its treasury's liquidity.
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/H7M3ZZT5GRGPTOUU6AVLMR772U.png)
The total value locked (TVL) on Nirvana fell to 7 cents in European morning hours following the attack. Its entire liquidity pool was effectively drained, data from DeFi Llama shows.
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/EYC7TCV645HIFIIMHO2EMSFFII.png)
The 10 million USDC was returned to Solend after the exploit. The stolen funds were transferred to the Ethereum network using Wormhole, a blockchain tool that connects Solana to other networks, and converted to DAI, an Ethereum-based stablecoin, blockchain data shows.
The attacker address – 0xB9AE2624Ab08661F010185d72Dd506E199E67C09 – currently holds over $3.5 million worth of DAI, blockchain data shows.
Nirvana’s trading functions were suspended by developers following the attack, as per messages by admins on the protocol’s Telegram channel.
Nirvana had not responded to requests for comments by publication time.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.