The Solana-based DeFi protocol Nirvana Finance was the victim of a flash loan attack in which $ 3.5 million was stolen.
The attack resulted in Nirvana’s native token ANA losing 85% of its value. The price dropped from $8.97 to as low as $0.81 within a few hours after the attack, before returning to $1.26 again.
The stablecoin NIRV, pegged to the US dollar, has also fallen by almost 90% and is currently at $ 0.12.
On-chain data showed that the attacker took out a loan of 10 million USDC to mint $ 10 million worth of ANA tokens, and then exchanged the $ 10 million ANA for 13.49 million USDT.
In this way, the attacker could steal $3.5 million from the Nirvana treasury, repay the USDC loan, and then move the stolen funds to an Ethereum wallet to convert them into DAI stablecoin.
The official Twitter account of Nirvana confirmed the exploit and stated that they are investigating the attack and will provide the community with more information about it as soon as possible.
Solend, another DeFi protocol on Solana confirmed that the attacker borrowed the initial 10 million USDC from their main pool.
The Solana-based credit protocol wrote on Twitter that it was already in contact with the Nirvana team and that the funds on their platform were safe.
Nirvana has since clarified that the attack was not a fault of Solend, but rather due to an exploit of its own system.
According to blockchain security firm OtterSec, the attack is similar to what happened earlier this month on Crema Finance, another Solana-based protocol.
The hacker uploaded a program to the blockchain and closed it after the exploit.
OtterSec went on to say that the hacker was able to use the flash loan attack to drive ANA’s price from $8 to $24, allowing them to claim USDC and USDT u this inflated price“.
Crema Finance lost $6 million from the flash loan attack, which forced the company to temporarily suspend its services.
