Nirvana Finance hacked for $3.5 million in a flash-loan attack

Nirvana Finance suffered an exploit on Thursday resulting in a $3.5 million loss, causing its native token ANA to plummet by over 85%.

The attack started with a flash-loan worth $10 million USDC borrowed from the Solend Main Pool Vault used for minting over $10 million worth of ANA tokens that the hacker swapped for USDT. This resulted in a nearly $3.5 USDT million profit for the malicious party, which then timely returned the $10 million USDC borrowed from Solend, converted the USDT profit into USDCet, and finally transferred the stolen assets into an Ethereum account through the Wormhole bridge.

The stolen funds account for the protocol’s reserves making ANA lose its collateral and the NIRV token lose its peg. The Nirvana Finance team states that “until the thief restores funds, these tokens will not have value” reminding its community to be careful when trading the assets.

Hours following the Nirvana hack, the team posted a letter addressed to the Nirvana hacker asking them to return the stolen funds and stating that a CEX address connected to the attacker has been flagged and the company is employing various resources to uncover their identity and recover the stolen funds. In exchange for the return of the funds, the project is offering a $300,000 white hat bounty as well as ending their investigation. Nirvana reminds the attacker that the stollen funds aren’t owned by a VC or a large fund, but “represents the collective hopes of everyday people”, urging the hacker to contact the Nirvana team at [email protected] and open a dialogue.

Nirvana Finance is a Solana-based yield farming protocol promising its users over 100% annual yield on their locked assets, earned by creating and destroying ANA tokens based on demand created by buying and selling it on the protocol.