A new decentralized finance protocol has imploded. It is Nirvana Finance, which runs on Solana’s blockchain.
Nirvana Finance liquidated
According to DeFiLlama‘s data, its TVL has all but dissolved. It went from $3.5 million to zero within a day.
The problem was caused by an exploit that allowed hackers to drain the protocol’s wallets via what appears to be a flash loan-based attack.
#PeckShieldAlert Seems like @nirvana_fi exploited @peckshield
Exploiters already bridged stolen funds to Ethereum 0xB9AE2624Ab08661F010185d72Dd506E199E67C09 https://t.co/xsByVkbWKi pic.twitter.com/hXWuLgnViZ— PeckShieldAlert (@PeckShieldAlert) July 28, 2022
NIRV, or the protocol’s stablecoin, lost peg and its value plummeted 85% in less than twenty minutes, while the native ANA token lost 80% of its value in the same period.
The exploit has been officially confirmed, but details have not yet been released.
The Nirvana protocol suffered an exploit today.
The Nirvana team is investigating the attack and will make an announcement to the community as soon as possible.
— Nirvana Finance (@nirvana_fi) July 28, 2022
Just a few days ago the official Twitter profile wrote:
“low risk = low reward
high risk = high reward
balanced risk = adaptive, sustainable, reasonable reward”.
low risk = low reward?
high risk = high reward?
balanced risk = adaptive, sustainable, reasonable reward ☯️?✨$ANA #Nirvana #DeFi https://t.co/RtWLcBZ3aQ
— Nirvana Finance (@nirvana_fi) July 25, 2022
According to initial official reconstructions, the attack exploited erroneous pricing feeds to drain the protocol’s $3.5 million TVL via a flash loan. As a result, the native token and stablecoin crashed.
On-chain data show that the hacker opened a $10 million USDC flash loan with which he minted $10 million worth of ANA tokens. Flash loans allow even large amounts to be borrowed without having to pledge anything as collateral, since they are repaid within the same block in which they are created. The Solend protocol was used for this flash loan.
The actual attack would be to manipulate the oracle feed of the protocol by inflating the price of ANA tokens. In this way, the value of the ANA minted by the hacker surpassed $10 million, so much so that he was later able to resell them by cashing in $13.49 million in USDT.
After returning the borrowed 10 million USDC, he was left with 3.49 million USDT, which was later converted into DAI.
With this action he effectively drained almost the entire $3.5 million from the Nirvana protocol wallet.
Solend stated that its protocol was not affected by the exploit.
Source: https://en.cryptonomist.ch/2022/07/28/solana-implosion-defi-nirvana-finance-protocol/