$3.5M was stolen in a hacker attack on the Nirvana Finance

On July 28, 2022, the decentralized finance project Nirvana Finance based on the Solana blockchain was hit by attackers who accessed the service and stole $3.57 million through the use of virus software.

On the same day, the Nirvana Finance team reported on their Twitter about the hack, promising to stop investigating the hackers and to pay a "reward" of $300 000 in exchange for the return of the funds.

Decentralized finance service Nirvana Finance is a DeFi-based investment service with balanced risk and adaptive returns of up to 60% per annum.

Analysts of the TokenScope Team decided to look into the circumstances of the theft of funds and made their own research of the hacking in stages:

Stage 1: For the hacking purposes, the attackers exploited a vulnerability in the Nirvana Finance smart contract and took a $10 million USDC flash loan from Solend's core pool vault. The instant loan hack was made by quick pumping and dumping of the assets that used instant and collateral-free borrowing available on the DeFi platforms.

Stage 2: Using funds borrowed from Solend ($10 million), hackers using the SOLANA token address 76w4SBe2of2wUsx2FjkkwD29rRznfvEkBa1upSbTAWH attacked platform addresses CxuuSEv67PzNkMxqCvHeDUr6HKaadoz8NhTfxbQSJnaG and 76w4SBe2of2wWUsx2FjkwD29rRznznfvEkBa1upSbTAWH and issued ANA tokens $13.49 million of worth.

Stage 3: The hackers exchanged the issued ANA tokens for USDT Stablecoin resulting in $13.49 million and returned $10 million USDC flash credit back to the Solend pool.

Stage 4: The received USDT was converted to USDC and transferred to the 0xB9AE2624Ab08661F0185010185d72Dd506E199E67C09, from which via 1inch v4: Router service 0x1111111254fb6c44bac0bed2854e76f90643097d and Wormhole: Portal Token Bridge 0x3ee18b2214aff97000d974cf647e7c347e8fa585 addresses were converted to DAI coin to the original address 0xB9AE2624Ab08661F010185d72d506E199E67C09, where currently $3.49 million is stored.

Project Nirvana Finance's ANA coin and NIRV Stablecoin dramatically lost their value after the hacker attack. According to CoinGecko, ANA fell 85% to $1.28. Project NIRV Algorithmic Stablecoin lost its peg to the U.S. dollar, with the asset trading around $0.08.

Nirvana Finance tweeted that the ANA coin has lost its collateral and NIRV has lost its peg to the dollar and until the attacker returns the funds, the tokens will have no exchange value. Trading of ANA and NIRV coins has been suspended due to which the owners of the tokens approached their creators Nirvana Finance and demanded to provide an exit from the "Nirvana" assets and to clarify the situation. However, the creators have not yet responded.

We are monitoring the further developments of the situation.

You can report us any cases related to specific cryptocurrency addresses and the considered risks at TokenScope via "Report cryptocurrency address" form. This will help to protect other users from the risks of interacting with such addresses and their owners.