Solana-based decentralized finance protocol Nirvana Finance was exploited in a flash loan attack for US$3.49 million on July 28, the firm announced in a Twitter post, causing its tokens to topple by more than 80%.

See related article: C.R.E.A.M. Finance suffers $28M flash loan hack

Fast facts

  • Using flash loans on lending protocol Solend, the attacker borrowed US$10 million USDC and used it to mint over US$10 million worth of Nirvana’s ANA token. 
  • The hacker then swapped the ANA tokens with USDT stablecoins and received US$13.49 million USDT. 
  • The attacker then returned the borrowed US$10 million to Solend’s main pool vault and made off with the remaining funds. 
  • The attack caused ANA to lose more than 82% of its value in 24 hours to trade at US$1.48 in afternoon trade in Hong Kong on Friday, while Nirvana’s dollar-pegged stablecoin NIRV lost its peg and fell by more than 83% in the past 24 hours, according to CoinMarketCap
  • Nirvana Finance said that it was the yield protocol that was exploited, and not as a fault of Solend, and it is working with different resources to uncover the identity of the perpetrator and recover the funds stolen from the treasury.
  • Nirvana has posted a public plea to the attacker on Twitter, asking for the return of stolen funds in exchange for a US$300,000 white hat bounty and a halt in the investigation. 

See related article: Horizon’s US$100 mln crypto hack prompts FBI investigation