CertiK: Hacker Breaches Nirvana Finance in $3.5 Million Flashloan Attack

Announcements, Crime, News, Opinion | July 29, 2022 By:

Nirvana Finance, an adaptive yield platform, was hit yesterday in a flash loan attack that drained over $3.5 Million from its protocol.

Cybersecurity audit firm CertiK analysis has revealed how the attacker first took out a loan of $10,250,000 USDC from the Solend Protocol, and then used it to buy ANA, the token used by Nirvana Finance. This allowed the hacker to manipulate the price of ANA from $8 to $24. With the price inflated, the hacker then swapped the ANA for ~$3,490,563 USDT from the Nirvana treasury. The rest was swapped back to USDC and used to repay the initial flash loan.

  • The funds have since been bridged from the Solana network to Ethereum and the attacker’s wallet (0xB9A) currently holds ~$3,574,635 in DAI.
  • As of writing, Nirvana Finance has yet to release a statement on the hack and are still investigating the incident. Solana FM have released a breakdown of the incident via Twitter account @0xFA2: https://twitter.com/0xfa2/status/1552576598506762240?s=21
  • This attack marks the latest in what has been a devastating year for flashloan attacks, with a total of $308,579,156 lost in Q2 due to the attack vector between April and July, meaning that Q2 had the highest amount lost via flash loan attacks ever recorded.

Speaking on the attack, CertiK CEO and Co-Founder Ronghui Gu said: “Flashloan attacks continue to be one of the major attack vectors in Web3. Whilst the existing set of web3 security tools such as audits and on-chain analytics are vital to prevention, it is essential that the web3 security industry continues to develop and hone its tools so that it can better detect and prevent these attacks.”