Nirvana Finance was hacked for $3 million

Hacken Ecosystem
28 Jul, 2022
2 Minutes Read

A hacker stole $3.5 million from Nirvana Finance in a flash loan attack, draining $3 million from the protocol. The hacker sent funds to the ETH address through the Wormhole and converted them into DAI. 

Nirvana Finance is a small-size cryptocurrency with 16K Twitter followers. Their main offering is balanced earnings for moderate risk. Nirvana developers positioned their project as an “investment with known maximum downside and unlimited upside.” It turned out to be quite the opposite. After the attack, Nirvana’s ANA lost most of its value, taking a nosedive from $8.90 to $1.12. ANA has lost its collateral, and NIRV has lost its peg.

How the Attack Unfolded?

On July 29, Nirvana fell victim to a flash loan. Through Solend Protocol, the attacker borrowed $10M USDC from the Solend Main Pool Vault. Later, they exploited the smart contract to mint $10M ANA and swapped it for USDT. After that, the hacker returned $10M USDC to Solend and escaped with the money. The exploit happened due to the vulnerability in Nirvana’s code, not Solend. Most probably, the source of weakness was faulty swap functionality or data validation. 


Nirvana Finance team announced that NIRV and ANA will not have exchange value “Until the thief restores funds.” They asked users to be careful trading. In a later tweet, Nirvana established a hotline for the hacker to contact them and return the stolen funds, “On behalf of the Nirvana Finance community, we humbly ask that you return the stolen funds from our treasury.” We are extremely dubious whether the thief would return the funds.

Implications of the Attack

Nirvana Finance became the victim of a flash loan attack, the third most popular type of exploit, with a total loss of $642 million. This type of attack can be prevented by implementing proactive security measures. They could have audited their smart contract. In addition, they could have implemented a bug bounty program. HackenProof Triage Service would have identified the bug before the attacker. Being proactive with your security makes all the difference.

Read more on HackenProof Blog