DeHacker Security
Published in

DeHacker Security

Nirvana Finance Suffers Flash Loan Attack

On July 28 Solana-based DeFi protocol, Nirvana Finance lost $3.5 million to a flash loan attack.

As one of such loan types, a Flash Loan Attack is an abuse of the smart contract security of a particular platform in which an attacker usually borrows a lot of funds that don’t require collateral. They then manipulate the price of a crypto asset on one exchange and quickly resell it on another one. The process is swift, and the attacker repeats the process multiple times before finishing and leaving without a trace.

Lean more about Flash Loan Attack:

https://medium.com/dehacker-security/what-is-a-flash-loan-attack-10c169c0bf23

CoinGecko data revealed that Nirvana’s native token ANA losing 85% of its value in this attack. The token’s price fell from $8.97 to as low as $0.81 within hours of the attack before rebounding to its current value of $1.26.

Nirvana Finance team confirmed this exploit and said they are “investigating the attack and will make an announcement to the community as soon as possible”.

The hackers borrowed the initial $10 million USDC from Solend, another DeFi protocol on Solana and then calls the Buy3 command in the Nirvana to step by step drive down the value of the ANA an enormous amount.

But later Nirvana clarified that the attack was not resulted by Solend but rather due to an exploit of its system.

By now, it seems like the team has no solutions about this event.

DeHacker is a team of auditors and white hat hackers who perform security audits and assessments. In addition to EVM, we have extensive audit experience in smart contract which deployed on chains like NEAR Protocol, Dfinity, Solana, etc. Our services include Smart Contract/Token/NFT/Wallet and Public Chain Security Audit, and cooperating with us can help you promote your credibility.

About DeHacker

DeHacker is a team of auditors and white hat hackers who perform security audits and assessments. With decades of experience in security and distributed systems, our experts focus on the ins and outs of system security. Our services follow clear and prudent industry standards. Whether it’s reviewing the smallest modifications or a new platform, we’ll provide an in-depth security survey at every stage of your company’s project. We provide comprehensive vulnerability reports and identify structural inefficiencies in smart contract code, combining high-end security research with a real-world attacker mindset to reduce risk and harden code.

Website | Twitter | Blog | Telegram

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store