Solana-based stablecoin NIRV drops 85% following $3.5M exploit

The $3.5 million flash loan attack Solana-based Nirvana Finance saw the price of its stablecoin NIRV and native token ANA fall around 85% apiece.

Solana-based algorithmic stablecoin NIRV has become the latest stablecoin to fail, after dropping 85% from its dollar peg following a hack on adaptive yield protocol Nirvana Finance on Wednesday.

The flash loan attack, which also saw Nirvana Finance’s native token ANA drop by 85%, resulted in the loss of $3.49 million worth of Tether (USDT), with the SolanaFM team being the first to confirm that the funds were siphoned via a flash loan attack on July 27:

“Utilizing Solend Protocol’s Flash Loans, the hacker borrowed $10M USDC from the Solend Main Pool Vault which was used to exploit $3.49M USDT from the Nirvana Finance Treasury.”

At the time of writing, both NIRV and ANA are down roughly 85% to $0.14 and $1.33 apiece. On Nirvana’s website, it confirms that the protocol was “maliciously hacked and reserve funds are stolen. NIRV and ANA have lost their collateral, and do not have secured market value.”

What we know so far:

Nirvana has been maliciously hacked and the reserves have been stolen.

A flashloan attack was used to steal money. This is not the fault of Solend, but an exploit of Nirvana’s program.

— Nirvana Finance (@nirvana_fi) July 28, 2022

The Nirvana team is now offering the hacker a whitehat bounty of $300,000 and a “cessation” of the investigation into their identity. So far they revealed that the hacker’s wallet tied to a centralized exchange has been flagged.

“Please accept this good faith request and return our treasury for the good of the whole Nirvana community. You have not taken money from VCs or large funds—the treasury you have taken represents the collective hopes of everyday people,” it wrote. 

To The Nirvana Hacker:

On behalf of the Nirvana Finance community, we humbly ask that you return the stolen funds from our treasury. 1/5

— Nirvana Finance (@nirvana_fi) July 28, 2022

Another algo bites the dust

The algorithmically collateralized NIRV is unironically described by the protocol as a “superstable” token. According to an explanatory thread on Solana Forums, the asset is backed by a network of stablecoins in Nirvana’s reserves via a “decentralized peg delegation.”

“NIRV is always treated as $1 from the protocol’s point-of-view. This dollar value is denominated in ANA tokens. For instance, if the spot price of ANA is $12, the protocol accepts 12 NIRV to purchase an ANA token.”

In this instance, it appears that NIRV was depegged as a direct result of $3.49 million worth of USDT being stolen from Nirvana’s coffers. It marks yet another algo-stablecoin that has been severely depegged in 2022. Beanstalk Farm’s algorithmic stablecoin is sitting at $0.0022 after the protocol was hacked for $182 million in April.

Terra’s first variation of its algo-stablecoin Terra USD also famously imploded following a death spiral that resulted in $40 billion being wiped from the market in May.

How it worked

According to blockchain audit platform OtterSec, a hacker used a program to artificially pump the price of ANA from $8 to $24 via the flash loan. They were then able to mint ANA against the flash loan at the inflated price, and subsequently exchanged the asset for $3.49 million worth of USDT which was drained directly from Nirvana’s treasury.

OtterSec noted that his hack shared similarities with the attack on Crema Finance worth $10 million earlier this month, in which the attacker took out a flash loan from the Solend decentralized finance (DeFi) protocol to inflate pricing data and raid the protocol.

2/ This hack beared many similarities to previous hacks. Similar to the @Crema_Finance hack, this too used Solend flashloans.

The attacker’s program was also uploaded on-chain and closed immediately afterwards.

— OtterSec (@osec_io) July 28, 2022

SolanaFM also noted that the hacker exited the attack by converting “the full USDT amount into USDCet, transferring the funds into an ETH account” via Wormhole’s cross-chain bridge.

Related Posts

Over 1.2 Billion aUSD Minted in an Exploit of Polkadot’s DeFi Hub Acala

Polkadot’s decentralized finance (DeFi) hub Acala suffered a major attack on its newly launched liquidity pool on Sunday. The exploit allowed the hacker to mint more than…

Brazilian Crypto Investment Platform Bluebenx Stops Withdrawals Under Hack Allegations

Bluebenx, a Brazil-based cryptocurrency investment platform, suspended withdrawals last week due to an alleged hack that made the company lose more than $31 million. The company announced…

Aave Responds to Blocking Addresses Over Tornado Cash Clampdown

DeFi lending protocol Aave Protocol said the TRM API on its app was responsible for blocking addresses that received ETH from unknown sources through Tornado Cash. In…

Ripple Price Analysis: After 2 Months of Sideways, Will XRP Finally Breakout?

A strong resistance level has trapped Ripple for over two months, resulting in the price flirting between $0.3 to $0.39 during that period. It seems that the…

Wayru’s Decentralized Internet Network Goes Live

Web3 Telecommunications Startup Wayru has finally launched its decentralized internet network and Genesis hardware devices. This will usher in a new era of connectivity where anyone can…

NFT Adoption in Africa: What is the Current Reality?

Africa, the world’s second largest continent, with a population of over 1.6 billion, is still developing when it comes to technology adoption. In most cases, people in…

Generated by Feedzy