Solana-based decentralized finance yield protocol, Nirvana, is the latest victim of a flash loan attack in the cryptocurrency space.
Data from blockchain security firm, PeckShield, revealed that the attacker managed to drain nearly $3.5 million worth of funds from the protocol.
It all started when the entity behind the exploit used a $10 million flash loan in USDC stablecoin to mint $10 million worth of ANA tokens from the Solend Main Pool Vault.
Flash loan attacks are basically a rapid pump-and-dump that uses the quick and collateral-free borrowing available via some DeFi platforms.
The protocol oracle feed was manipulated to artificially jack up the holdings of ANA tokens’ to surpass $10 million, which was then swapped for $13.49 million in USDT.
The hacker converted the full USDT amount into USDCet, thereby transferring the funds into an ETH account through Wormhole.
The attack eventually led to a drain of $3.49M USDT from the Nirvana Finance Treasury.
Nirvana is yet to release an official statement regarding the exploit, but Solend has confirmed the incident in a tweet,
“We’re aware of a @nirvana_fi exploit that made use of Solend flash loans. We’re in contact with the team to help in any way we can. Funds on Solend are safe.”
In recent months, several protocols have suffered flash loan attacks.
As reported earlier, DeFi protocol, Beanstalk Farms lost $180 million in a similar incident. It appeared that the hacker donated 250,000 USDC to the Ukraine Crypto Donation wallet.