Solana stablecoin Nirvana dips 90% following a $3.5 million flash loan exploit

Another stablecoin has lost its peg against the US Dollars after the protocol suffered an exploit.

Nirvana Finance, a decentralised finance (DeFi) yield protocol on Solana, is the victim of a flash loan attack, losing roughly $3.5 million to the attackers. This is according to PerkShield. 

Following the attack, Nirvana’s native token ANA and its stablecoin NIRV recorded massive price falls. ANA has lost more than 89% of its value so far, dropping from $8.97 to $0.93.

The NIRV stablecoin has lost its peg against the US Dollar after losing more than 90% of its value since the attack. 

According to the on-chain data, the hacker(s) used a $10 million flash loan in USDC to mint $10 million worth of ANA tokens. With flash loans, people can borrow large amounts of capital at a low cost as long as the loan is repaid within the same block.

The data showed that the flash loan was secured on the Solend Protocol, a lending protocol on the Solana blockchain. 

The hacker proceeded to take advantage of Nirvana’s oracle feed, allowing them to inflate the price of ANA coins. Hence, ensuring that their holdings exceeded $10 million.

The attacker went on to swap the original $10 million worth of ANA tokens for $13.49 million worth of USDT stablecoin. 

The attack removed $3.49 million from the Nirvana treasury, with the attacker repaying the initial $10 million loan and moving the profit to an Ethereum wallet address via the Wormhole.

The attacker converted the funds to the DAI stablecoin afterward. At the moment, Nirvana is yet to release an official statement regarding the attack. 

The Solend team said they are aware of the attack and are in contact with the Nirvana team to see how they can help. 

We're aware of a @nirvana_fi exploit that made use of Solend flash loans. We're in contact with the team to help in any way we can. Funds on Solend are safe.

— 🙏🚫 Solend (we're hiring!) (@solendprotocol) July 28, 2022

DeFi protocols have suffered numerous flash loan attacks over the past year. In April, Beanstalk, an Ethereum stablecoin project, lost $182 million, in what is considered the largest flash loan exploit recorded so far in the cryptocurrency space.