The Solana network has experienced a second flash loan assault within a month. This time, the victim was the decentralized finance (DeFi) yield system Nirvana, and according to on-chain statistics, the attacker took $3.5 million worth of assets.
The attacker carried out the vulnerability by obtaining a $10 million USDC flash loan using the Solana-based lending platform Solend Protocol. The borrowed funds were then utilized to create $ANA, Nirvana’s native currency.
The hacker accomplished this by manipulating the price of Nirvana’s native token $ANA to boost its value. Thus, the amount of borrowed funds in the exploiter’s possession approached $10 million.
The exploiter then exchanged the inflated money, which was initially valued at $10 million in $ANA, for $13.49 million in USDT, deducting the additional $3.49 million from Nirvana’s Treasury.
After the attack, the hacker refunded the $10 million USDC loan to Solend Protocol and transferred the $3.49 million exploit money to an Ethereum wallet using Wormhole bridge. The compromised funds have been converted to DAI and are in the possession of the attacker.
About seven hours after the hack, Nirvana issued a statement on the vulnerability, saying that it would pursue the stolen funds. The business noted that the error was not caused by Solend, but by “a software exploit by Nirvana.”
In the meanwhile, Solend remarked on the incident, stating that it has reached out to Nirvana for assistance in locating the exploiter. Additionally, the lending platform said that it was not impacted by the incident.
As a result of the exploit, the value of Nirvana’s native token $ANA plummeted by 81 percent, to $1.71 as of this writing.
Nirvana’s stablecoin $NIRV also saw a severe decline, resulting in the loss of its 1:1 peg to the US dollar. At the time of writing, $NIRV was trading at $0.18, implying a loss of more than 90 percent.