Solana-based algorithmic stablecoin NIRV has become the latest stablecoin to fail, after dropping 85% from its dollar peg following a hack on adaptive yield protocol Nirvana Finance on Wednesday.
The flash loan attack, which also saw Nirvana Finance’s native token ANA drop by 85%, resulted in the loss of $3.49 million worth of Tether (USDT), with the SolanaFM team being the first to confirm that the funds were siphoned via aon July 27:
“Utilizing Solend Protocol’s Flash Loans, the hacker borrowed $10M USDC from the Solend Main Pool Vault which was used to exploit $3.49M USDT from the Nirvana Finance Treasury.”
At the time of writing, both NIRV and ANA are down roughly 85% to $0.14 and $1.33 apiece. On Nirvana’s website, it confirms that the protocol was “maliciously hacked and reserve funds are stolen. NIRV and ANA have lost their collateral, and do not have secured market value.”
What we know so far:
Nirvana has been maliciously hacked and the reserves have been stolen.
A flashloan attack was used to steal money. This is not the fault of Solend, but an exploit of Nirvana’s program.
— Nirvana Finance (@nirvana_fi)
The Nirvana team is now offering the hacker a whitehat bounty of $300,000 and a “cessation” of the investigation into their identity. So far they revealed that the hacker’s wallet tied to a centralized exchange has been flagged.
«Please accept this good faith request and return our treasury for the good of the whole Nirvana community. You have not taken money from VCs or large funds—the treasury you have taken represents the collective hopes of everyday people,» it wrote.
To The Nirvana Hacker:
On behalf of the Nirvana Finance community, we humbly ask that you return the stolen funds from our treasury. 1/5
— Nirvana Finance (@nirvana_fi)
Another algo bites the dust
The algorithmically collateralized NIRV is unironically described by the protocol as a “superstable” token. According to an explanatoryon Solana Forums, the asset is backed by a network of stablecoins in Nirvana’s reserves via a “decentralized peg delegation.”
“NIRV is always treated as $1 from the protocol’s point-of-view. This dollar value is denominated in ANA tokens. For instance, if the spot price of ANA is $12, the protocol accepts 12 NIRV to purchase an ANA token.”
In this instance, it appears that NIRV was depegged as a direct result of $3.49 million worth of USDT being stolen from Nirvana’s coffers. It marks yet another algo-stablecoin that has been severely depegged in 2022. Beanstalk Farm’s algorithmic stablecoin is sitting at $0.0022 after the protocol wasin April.
Terra’s first variation of its algo-stablecoin Terra USD also famously imploded following a death spiral that resulted inin May.
How it worked
According to blockchain audit platform OtterSec, a hacker used a program to artificially pump the price of ANA from $8 to $24 via the flash loan. They were then able to mint ANA against the flash loan at the inflated price, and subsequently exchanged the asset for $3.49 million worth of USDT which was drained directly from Nirvana’s treasury.
OtterSec noted that his hack shared similarities with theworth $10 million earlier this month, in which the attacker took out decentralized finance (DeFi) protocol to inflate pricing data and raid the protocol.
2/ This hack beared many similarities to previous hacks. Similar to thehack, this too used Solend flashloans.
The attacker’s program was also uploaded on-chain and closed immediately afterwards.
— OtterSec (@osec_io)
SolanaFM also noted that the hacker exited the attack by converting “the full USDT amount into USDCet, transferring the funds into an ETH account” via Wormhole’s cross-chain bridge.