Nirvana Finance, a decentralized finance (DeFi) yield protocol on Solana, has suffered a flash loan exploit to the tune of about $3.5 million, according to PeckShield.
Nirvana's native token ANA and its stablecoin NIRV suffered massive price falls due to the attack. ANA slipped 89% from $8.97 to $0.93 while the stablecoin has lost 90% of its US dollar value in the process.
How did it happen?
On-chain data shows the attacker used a $10 million flash loan in USDC to mint $10 million worth of ANA tokens. Flash loans let you borrow large amounts of capital at low cost, as long as the loan is repaid in the same block. This flash loan was secured on the Solend Protocol.
The attacker then manipulated the protocol’s oracle feed thereby inflating the price of ANA coins so that their holdings exceeded $10 million. The attacker subsequently swapped what was actually $10 million in ANA tokens for $13.49 million in USDT.
This action drained $3.49 million from the Nirvana treasury. The exploited has since repaid the initial $10 million loan and has bridged the profit to this Ethereum wallet address via Wormhole and converted it to the DAI stablecoin.
Nirvana has not released an official statement about the exploit as of the time of publishing. The protocol did not immediately respond to The Block’s request for comments. Solend has released a statement that it is aware of the incident and is in touch with the Nirvana team while adding that its protocol was not affected by the exploit.
DeFi protocols across many networks are often a target for flash loan attacks. Beanstalk, an Ethereum stablecoin project, lost $182 million in April in the largest flash loan exploit recorded in the crypto space.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.