As a result of the hacker attack, NIRV lost its peg to the dollar and fell heavily in price. The attackers managed to steal from Nirvana Finance a pool of $3.5 million with an instant loan. The attacker’s wallet has been found, and the Nirvana Finance team is trying to establish his identity.
We have already written about the collapse of Terra which was the beginning of hard times for stablecoins, but it’s not only the domino effect has caused trouble. NIRV, which we will talk about today, became a victim of intruders. The attack instantly affected the value of the stablecoin. According to CoinMarketCap, the day after the attack, the stablecoin lost about 85% of its value.
According to a block browser study, Solana.fm , the attack was carried out using instant loans in the decentralized Solendprotocol. The Solend team reported that they were aware of the incident and were in contact with the Nirvana Finance team.
Note that NIRV stablecoin works in conjunction with the ANA token, their interaction scheme is similar to that of Terra and Luna bundle.
In a post-mortem post Nirvana Finance accepted there was a technical glitch that allowed hackers to manipulate the price, using a large flash loan.
Let’s take a step-by-step look at how the attackers managed to steal $3.5 million:
- First, a hacker with the help of borrowed 10 million USDC minted ANA at a market price of $8.5. Somehow they managed to trick Nirvana’s smart contract to release ANA at that price while still automatically raising the AMM curve price to the necessary level of $24
- Then ANA was sold back to the contract at the elevated price ($13.49 possibly because of slippage). It is interesting that the resulting gain of $3.5 million was swapped for USDT, while the $10.25 million was converted to USDC and returned to Solend with the interest.
- USDT was transferred to the Ethereum network with Wormhole bridge .
As reported on Twitter by Nirvana Finance, the attacker’s wallet was discovered. The company called on the hacker to return the stolen funds and offered a reward of 300 thousand dollars for the vulnerability found.
The attack on NIRV has been the second case this month when fraudsters managed to steal funds using a loan in the Solend protocol. In early July, Crema Finance was attacked. On Twitter, the team talked about each stage of the hack, which was very similar to what happened with Nirvana Finance today.
At first, the company lost almost $10 million, but the hacker got in touch and as a result of negotiations agreed to return the funds, leaving 16.7% of the amount stolen earlier as a reward. Let’s hope that Nirvana Finance will also be able to recover some of the funds and complete the series of hacker attacks using the Solend protocol.