Nirvana is a Solana-based DeFi protocol that offers an investment gateway for funds storage. Its native token is ANA and the protocol features bounded risk which utilizes partial collateralization, diversified stablecoin reserves for ultra-low-risk backing value, a call-option incentive system for renewable yield, and true protocol-owned liquidity, among others.
Data reports show that the protocol has been manipulated and its liquidity pool worth around $3.5 million was drained via a flash loan exploit. The protocol’s native currency, the ANA token, experienced a sharp decline of over 80% hours later and its stablecoin (NIRV) got unpegged from USD. Nirvana allowed users to earn annual yields of over 100% on their locked assets by creating and destroying tokens based on user demand as the ANA tokens were bought from and sold to the protocol. The attack on NIRVANA took place on Thursday 28th July 2022 and before the attack, the protocol had locked assets of over $10 million ANA tokens (USDC), worth around $3.5 million in cash (USDT).
Attacks on decentralized finance (DeFi) systems through flash loans are somewhat expected because it is an easy way for attackers to gain the funds to conduct exploits on DeFi systems. The Beanstalk stablecoin protocol experienced a similar attack in April that drained the protocol of $182 million and even more recently, more than $1.2 million was taken from Inverse Finance.
Data shows the attack on NIRVANA used over $10 million (USDC) sourced from the lending tool, Solend, in a flash loan. At that point over $10 million worth of ANA was minted, or created, and the entire amount was swapped to receive $3.5 million worth of tether (USDT) from Nirvana’s treasury wallet. The treasury considered the $10 million (USDC) infusion to be genuine, however, it wasn’t and the treasury was tricked into releasing its treasury’s liquidity.
The $10 million (USDC) was returned to Solend after the attack and the stolen funds were transferred to the Ethereum network using Wormhole. This blockchain tool connects Solana to other networks and converted it to DAI, an Ethereum-based stablecoin. The attacker’s address – 0xB9AE2624Ab08661F010185d72Dd506E199E67C09 – held over $3.5 million worth of DAI after the exploit. Developers suspended Nirvana’s trading functions following the attack and messages by admins on the protocol’s Telegram channel.
Nirvana had not responded to requests for comments by publication time.