Solana DeFi protocol Nirvana drained for $3.5 million

A Solana-based yield protocol suffered $3.5 million losses in a flash loan attack that exploited incorrect price feeds, resulting in Nirvana’s native token and stablecoin crash.

According to the blockchain security company PeckShield, Nirvana was drained through a flash loan attack for about $3.5 million. Following the hack, Nirvana’s dollar-pegged stablecoin NIRV lost 92% of its value, dropping just to $.09. Protocol’s native token ANA also suffered massive price falls, crashing 89% from $8.97 to $0.9.

The attacker borrowed $10 million USDC from the Solend Main Pool Vault, which were used to mint $10 million worth of ANA tokens that were then swapped for $3.5 million worth of Tether (USDT) from Nirvana’s treasury wallet. After that, loaned $10 million of USDC were returned to the Solend pool, and stolen funds were bridged to the attacker’s Ethereum wallet via Wormhole, Solana.FM co-founder explained in his Twitter thread.

Solend announced on Twitter that it’s aware of the exploit and remains in contact with Nirvana in case the team needs their help, adding that the protocol’s funds were not affected by the hack. Nirvana also released a statement about the incident, saying that the attack is not the fault of Solend, but an exploit of Nirvana's program. Nirvana’s trading functions were suspended by developers, as they warned users to trade NIRV and ANA with caution due to their lack of exchange value.

Flash loan attacks are a common threat to DeFi protocols. In April, Ethereum-based stablecoin protocol Beanstalk suffered a total loss of around $182 million and the hacker got away with $80 million worth of tokens, making it the biggest flash loan attack to date.