Solana's relatively stable project Nirvana Finance restarts: The beginning and end of the first case convicted due to smart contracts attack.

Last week, the financial markets were met with several important news. The Federal Reserve aggressively cut interest rates by 50 basis points, while the Bank of Japan chose to remain steady. These decisions suggest that there may not be excessively negative information in the coming weeks. In this process, investors mainly need to pay attention to two key factors: the recovery of the job market and the risk of inflation reigniting.

However, a striking piece of news comes from the Solana ecosystem. The algorithmic stablecoin project Nirvana Finance, which suffered a hack of over $3.5 million in July 2022, announced the relaunch of its V2 version. This news suggests that the relevant judicial authorities may have completed the handling of the stolen funds. This case could become the first in the United States to result in a conviction due to a smart contracts attack, holding significant symbolic meaning for common law systems. In the future, the handling process for similar cases is expected to improve significantly.

Nirvana Finance Faces Flash Loan Attack

Nirvana Finance is an algorithmic stablecoin project on the Solana network, launched in early 2022. On July 28, 2022, the project was hacked, resulting in the theft of all collateral for the stablecoin NIRV, with losses of approximately $3.5 million. Although the project contracts are not open-source, the hacker still managed to profit by exploiting Solend's flash loan functionality, raising some questions about possible insider involvement.

It is worth noting that before the attack, Nirvana Finance claimed to have completed "automated auditing," but it turned out that this did not have the intended effect. Project co-founder Alex Hoffman revealed in a media interview that the team had just started the auditing work in the week the attack occurred. He admitted that they initially did not anticipate that the project would attract such significant attention, until reports from some Chinese media led to a substantial increase in the total locked value (TVL).

During the heyday of Luna algorithm stablecoin projects, Nirvana Finance naturally attracted widespread attention. Solana's CEO Anatoly Yakovenko even personally urged Hoffman to conduct a smart contracts audit and tried to expedite the auditing process.

Turn of Events in the Case and Revelation of Hacker's Identity

After being attacked, the Nirvana Finance project came to a standstill, but its Discord community has remained active. Community members continue to monitor the stolen funds, but tracking efforts have stalled due to the hacker's use of anonymizing tools such as tornado and Monero.

On December 14, 2023, the case took a significant turn. A 34-year-old former Amazon senior software security engineer, Shakeeb Ahmed, pleaded guilty in the Southern District of New York to computer fraud charges related to the hacking of Nirvana Finance and another decentralized cryptocurrency exchange. The U.S. Attorney's Office stated that this is the first case in history to result in a conviction for hacking smart contracts.

Despite the setbacks faced by the project, the founder of Nirvana Finance has not ceased innovation, turning instead to develop other projects such as superposition finance and concordia systems. This also reflects the advantage of maintaining a certain level of anonymity, at least avoiding the excessive transfer of negative emotions.

On April 15, 2024, Shakeeb Ahmed was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges. On June 6, the stolen funds were finally transferred back to the project’s designated account, marking a successful resolution of the case.

Case Study: From Crema Finance to Nirvana Finance

In fact, the origin of this case can be traced back to Crema Finance. The attack incident of Nirvana Finance was locked down after the hacker voluntarily confessed following their arrest. Shakeeb Ahmed, a senior security engineer skilled in software reverse engineering, was able to conduct the attack even without the contract being open-sourced. This explains why Nirvana Finance suffered an attack despite not being open-sourced.

According to documents released by the U.S. Department of Justice, the case began in July 2022 with a decentralized exchange that suffered a loss of approximately $9 million, believed to be Crema Finance. On July 4th, Ahmed attacked the platform through a flash loan and offered a "white hat bounty" of $2.5 million in exchange for dropping the prosecution. Ultimately, Crema Finance agreed to accept a bounty of approximately $1.68 million.

How Did the Hacker Finally Get Caught?

There may be two key factors regarding the reason why Ahmed was ultimately arrested:

1. According to the analysis by SolanaFM, the attacker interacted with a certain exchange address or its associated nested exchange address, which has become an important clue for tracking.

2. Ahmed made a mistake while using an anonymization tool. He conducted a redemption transaction shortly after depositing funds, and the redeemed funds ultimately entered another centralized exchange. These actions provided the judiciary with the possibility of tracking.

Finally, by cooperating with relevant centralized exchanges, law enforcement successfully arrested Shakeeb Ahmed in New York.

The successful resolution of this case is not only good news, but also reflects two important issues: first, for DApp developers, the security of funds must be the primary consideration. Second, there is now a reference template for handling such cases, which should have a certain deterrent effect on similar criminal behaviors.