Nirvana Finance, a Solana-based yield protocol, saw its TVL go from $3.5 million to zero within a day.
Nirvana allowed users to earn annual returns (more than 100%) on their locked assets by creating and destroying tokens based on user demand, while ANA tokens were bought and sold to the protocol.
The attack exploited the erroneous price feed to siphon off the large sum via a flash loan, consequently crashing the NIRV stablecoin and the platform’s native ANA token.
On-chain data showed that the hacker opened, through the Solend protocol, a flash loan, an unsecured loan that is repaid within the same block, of 10 million USDC that were used to mint ANA tokens.
With this transaction, he manipulated the protocol oracle feed by inflating the price of ANA from $8 to $24, allowing him to resell the tokens for more than USDT 13.49 million.
After paying back the borrowed USDC 10 million, he was left with USDT 3.49 million, which was then converted into DAI and bridged to Ethereum.
With this action, he effectively drained almost all of the USDT 3.5 million from the Nirvana protocol wallet.
This was possible because the treasury considered the 10 million USDC infusion to be genuine and the protocol was hence tricked into releasing its treasury’s liquidity.
The attack resulted in Nirvana’s native ANA token losing 85% of its value, from $8.97 to $0.81, and the ecosystem’s dollar-pegged stablecoin, NIRV losing almost 90% of its value, currently trading for 0.12.
The protocol itself in the previous days had explained via tweets how inappropriate it was for defi protocols to try to provide increasingly high APY at the expense of the platform’s security, exposing users to ever greater risks.