Cyber Incident Victim: Nirvana Finance

Date: Jul 2022

Location: United States of America

Summary

A Solana-based decentralized finance protocol suffered a $3.5 million exploit involving flash loans that manipulated its native ANA token's value, artificially inflating its price before draining liquidity pools. The attacker leveraged loans from Solend Protocol to mint excessive ANA tokens, then exchanged them at inflated rates to withdraw stablecoins, causing ANA to lose 90% of its value and its stablecoin NIRV to depeg from the dollar. Following the breach, the protocol disabled trading functionality while the attacker bridged stolen funds to Ethereum via Wormhole. The incident resulted in near-total collapse of the protocol's treasury value and token ecosystem.

Description

On July 28, 2022, Nirvana Finance, a Solana-based decentralized finance protocol offering high-yield lending services, suffered a $3.5 million exploit involving flash loan manipulation. The attacker utilized Solend Protocol’s flash loan feature to borrow $10 million USDC, then minted an equivalent value of Nirvana’s native ANA token. By artificially inflating ANA’s price from $8 to $24 through this minting process, the hacker created a false valuation that enabled them to convert the tokens into USDC and USDT at the elevated rate. This manipulation allowed the withdrawal of $3.5 million in USDT from Nirvana’s liquidity pools before repaying the initial flash loan. The attacker subsequently bridged the stolen funds to the Ethereum network using Wormhole, a cross-chain interoperability protocol. Blockchain data indicated the hack drained nearly all liquidity from Nirvana’s treasury, which had held approximately $3.5 million in ANA tokens prior to the incident.

The attack caused immediate financial devastation: Nirvana’s ANA token collapsed from $8.90 to $1.03 within hours, a 90% value loss, while its algorithmic stablecoin NIRV depegged from the dollar, plummeting to $0.13. Nirvana disabled all trading features following the exploit and publicly acknowledged the breach via Twitter, stating that an investigation was ongoing. Solend Protocol, whose flash loan mechanism facilitated the attack, confirmed contact with Nirvana to explore remediation options. The protocol’s total value locked effectively evaporated, reducing Nirvana’s remaining valuation to approximately $0.08 per token. No recovery of stolen funds or law enforcement actions were detailed in available reports. The incident was one of multiple major DeFi exploits involving Solana-based protocols in 2022, following the $325 million Wormhole bridge attack earlier that year.