{"id":457,"date":"2023-01-31T14:59:37","date_gmt":"2023-01-31T12:59:37","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=457"},"modified":"2023-01-31T14:59:37","modified_gmt":"2023-01-31T12:59:37","slug":"2022-solana-hacks-explained-nirvana","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/2022-solana-hacks-explained-nirvana\/","title":{"rendered":"2022 Solana Hacks Explained: Nirvana"},"content":{"rendered":"

Nirvana Finance<\/strong><\/a> is a Solana-based DeFi protocol<\/strong> with an algorithmic stablecoin.<\/span><\/p>\n

What happened\u00a0<\/strong><\/p>\n

On July 28, 2022, it ran into liquidity issues<\/strong> due to a flash loan<\/strong> attack where an attacker drained<\/strong> approximately $3.5M<\/strong> from the liquidity pool. The protocol is closed source<\/strong> and underwent only an automated audit<\/strong><\/a> before the exploit. A manual human audit<\/strong> is still being scheduled<\/strong> as of the time of writing (January 2023).<\/span><\/p>\n

Exploit Details<\/b><\/p>\n

The attacker used a flash loan<\/strong> from a lending protocol Solend, borrowed 10M USDC<\/strong>, and used it to mint over $10M<\/strong> worth of Nirvana’s ANA<\/strong> token. Afterwards, he swapped<\/strong> the ANA tokens to USDT stablecoins and received 13.49M USDT<\/strong>. Finally, he returned<\/strong> the borrowed 10M<\/strong> from Solend, which resulted in a $3.49M profit.<\/strong><\/span><\/p>\n

Based on the technical post-mortem analysis<\/a> from the Nirvana Finance team, the attacker was able to manipulate the inputs to the program<\/strong> and buy the ANA token at an artificially low price.\u00a0<\/strong><\/span><\/p>\n

In simple words,<\/b> very much like in case with Solend<\/a>, it was a combination of a market manipulation<\/strong> with some hacking<\/strong>: first he artificially lowered the price<\/strong> to buy himself ANAs and by doing so, the exploiter pushed the price upwards<\/strong> and made a profit from the spread.<\/strong><\/span><\/p>\n

Reference<\/strong><\/p>\n

1<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Nirvana Finance is a Solana-based DeFi protocol with an algorithmic stablecoin. What happened\u00a0 On July 28, 2022, it ran into liquidity issues due to a flash loan attack where an attacker drained approximately $3.5M from the liquidity pool. The protocol is closed source and underwent only an automated audit before the exploit. A manual human audit is still being scheduled as of…<\/p>\n","protected":false},"author":15,"featured_media":458,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85,84,5],"tags":[14,86,6,19],"class_list":["post-457","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exploits","category-hacks","category-solana","tag-exploit","tag-hack","tag-solana","tag-solana-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t