Solana-based decentralized financial yield protocol Nirvana is the latest victim of a flash loan attack in the cryptocurrency space.
Attackers managed to extract nearly $3.5 million worth of funds from the protocol, according to blockchain security firm PeckShield. It all started when the entity behind the breach minted $10 million worth of ANA tokens from the Solend main pool vault using a $10 million flash loan in the USDC stablecoin. A flash loan attack is basically a quick pump and dump that uses fast and unsecured lending available through some DeFi platforms. Protocol oracles were manipulated to artificially increase ANA token holdings to over $10 million, which were then exchanged for $13.49 million in USDT. The hacker converted the entire USDT amount into USDCet, thereby transferring the funds to the ETH account through Wormhole. The attack ultimately cost the Nirvana Finance Treasury $3.49 million in USDT. Nirvana has yet to issue an official statement about the vulnerability, but Solend confirmed the incident in a tweet,
“We are aware of a @nirvana_fi exploit that exploited Solend flash loans. We are reaching out to the team to help as best we can. Funds on Solend are safe.”
Several protocols have suffered flash loan attacks in recent months. As previously mentioned, DeFi protocol Beanstalk Farms lost $180 million in a similar incident. Hackers appear to have donated 250,000 USDC to a Ukrainian crypto donation wallet.