Solana's stable project Nirvana Finance restarts: the first case convicted due to smart contracts attack

Last week, the financial markets were volatile, with the Federal Reserve cutting interest rates by 50 basis points and the Bank of Japan maintaining its policy. This suggests that it is unlikely to see major negative news in the short term. Investors should pay attention to two key indicators: the recovery of the labor market and the risk of inflation reigniting.

It is worth noting that the algorithmic stablecoin project Nirvana Finance in the Solana ecosystem has announced the restart of its V2 version. The project was forced to suspend operations after suffering a $3.5 million hack in July 2022. With the project's restart, it indicates that the relevant judicial procedures may have been completed, allowing for the recovery of the stolen funds. This could be the first case in the United States to convict due to a smart contracts attack, which would be a milestone for the common law system and is expected to improve the handling efficiency of similar cases.

Nirvana Finance遭遇闪电贷攻击

Nirvana Finance is an algorithmic stablecoin project on Solana that launched in early 2022. On July 28, 2022, a hacker exploited the flash loan feature to attack the project, stealing approximately $3.5 million worth of NIRV stablecoin collateral. Despite the project’s contracts not being open source, the hacker successfully carried out the attack, raising some questions about possible insider involvement.

The project's co-founder Alex Hoffman stated that the team had just begun auditing work in the week they were attacked. He admitted to underestimating the potential impact of the project until reports from Chinese media triggered a surge in TVL. At that time, the algorithmic stablecoin sector was receiving a lot of attention, and the CEO of Solana had also suggested accelerating the auditing process.

After the attack, the project came to a standstill, but the community remained active. Although the community continues to monitor the stolen funds, tracking efforts have not made substantial progress due to the hacker's use of privacy tools such as tornado and Monero.

First Conviction Case of Smart Contracts Attack

On December 14, 2023, the case took a turn. A former senior software security engineer at Amazon named Shakeeb Ahmed pleaded guilty in the Southern District of New York to computer fraud charges related to the Nirvana Finance attack. The U.S. Attorney's Office stated that this is the first case to be convicted due to a smart contracts attack.

On April 15, 2024, Shakeeb Ahmed was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges. On June 6, the stolen funds were returned to the project's designated account, marking the successful recovery of the funds.

Case Origin and Hacker Tracking

In fact, the source of this case is the decentralized exchange Crema Finance, which suffered a loss of about $9 million in July 2022. Shakeeb Ahmed attacked the platform through a flash loan and offered a $2.5 million "white hat bounty" in exchange for immunity. In the end, Crema Finance agreed to accept a bounty of about $1.68 million.

The attack on Nirvana Finance was actively confessed after the hacker was caught. In addition to personal computer browsing history, Ahmed also attempted to cover up his tracks using mixing protocols, Tornado, and Monero.

During the tracking process, SolanaFM's analysis found that the attacker interacted with a certain centralized exchange address. In addition, Ahmed made a mistake while using Tornado Cash and failed to sufficiently obfuscate the funds. Ultimately, through cooperation with the centralized exchange, law enforcement arrested him in New York.

The successful resolution of this case is not only good news but also highlights two important issues: first, DApp developers must place a high emphasis on the security of funds; second, there are now references for handling such cases, which are expected to have a deterrent effect on similar behaviors.