🎉 Gate Square’s "Spark Program" Surpasses 1,000 KOLs!
💥 The creator ecosystem is in full bloom!
📈 Get featured, earn rewards, and grow your influence—what are you waiting for?
💰 Cash incentives ✔️
🚀 Traffic support ✔️
👑 Exclusive verification ✔️
From 0 to 1,000 in just weeks—Gate Square is becoming the epicenter of Web3 content! ⚡
You’re not just posting content, but the next "viral opportunity"!
🌟 Join the Spark Program and kickstart your breakthrough!
👉 https://www.gate.com/announcements/article/45695
Solana Algorithmic Stablecoin Nirvana Finance Rebirth Behind the First Smart Contracts Hacker Conviction Case
The Algorithmic Stablecoin project Nirvana Finance on Solana restarts, and the story behind it is worth following.
Last week, the financial markets welcomed several important news items, including the Federal Reserve's interest rate cut and the Bank of Japan's decision to remain unchanged. These events have significant impacts on short-term market trends, and investors need to follow the recovery of the labor market and inflation risks as two key factors.
However, a striking piece of news is that the algorithmic stablecoin project Nirvana Finance in the Solana ecosystem has announced the restart of its V2 version. The project was forced to suspend operations after suffering a hack in July 2022, resulting in a loss of over $3.5 million. The restart now indicates that the relevant judicial procedures have been completed, and the stolen funds have been recovered. This could be the first case in the United States to be convicted due to a smart contract attack, marking a milestone for the maritime law system, and the efficiency of handling similar cases is expected to improve significantly in the future.
Review of the Flash Loan Attack Incident on Nirvana Finance
Nirvana Finance is an Algorithmic Stablecoin project on Solana that launched in early 2022. On July 28, 2022, the project was hacked, and all collateral for the stablecoin NIRV was stolen, resulting in a loss of approximately $3.5 million. Although the project's contract is not open-source, the hacker still executed the attack using Solend's flash loan feature, which has raised some questions about the project team.
Interestingly, the project team previously claimed to have completed "automated audits," but clearly, they did not function as intended. Co-founder Alex Hoffman stated in a media interview that they had just begun formal audit work in the week the attack occurred. He admitted that they initially did not anticipate the project would attract such widespread attention until certain media reports triggered a surge in TVL.
The project came to a standstill after the attack, but its Discord community has remained active. Community members continue to monitor the movement of the stolen funds, but tracking efforts have been largely ineffective due to the hacker's use of privacy tools such as tornado and Monero.
Case Breakthrough: The First Hacker Convicted for Smart Contract Attack
On December 14, 2023, the case took a significant turn. A former senior software security engineer at Amazon named Shakeeb Ahmed pleaded guilty in the Southern District Court of New York to computer fraud charges related to a hack involving Nirvana Finance and another decentralized exchange. The U.S. Attorney's Office stated that this is the first case to be convicted due to a hack of a smart contract.
On April 15, 2024, Shakeeb Ahmed was sentenced to three years in prison for invading and scamming two cryptocurrency exchanges. On June 6, the stolen funds were finally returned to the account designated by the project party, marking the official completion of the recovery work.
Source of the Case and the Process of Arresting the Hacker
In fact, the entire case stems from the decentralized exchange Crema Finance, which suffered a loss of about $9 million in July 2022. Shakeeb Ahmed attacked the platform through a flash loan and subsequently proposed a "white hat bounty" scheme. The case of Nirvana Finance was locked after the hacker voluntarily confessed after being caught.
The key to apprehending hackers lies in two points: first, the attackers had interactions with certain exchange addresses; second, there were mistakes in the use of Tornado Cash. After depositing funds, the hackers quickly redeemed them, and the redeemed funds ultimately entered centralized exchanges. These clues provide a possibility for law enforcement agencies to collaborate with exchanges to track down suspects.
The successful handling of this case provides a reference for similar situations and also serves as a wake-up call for DApp developers regarding fund security. It may have a certain deterrent effect on related illegal activities, which is beneficial for the healthy development of the cryptocurrency ecosystem.