Nirvana Finance Reboot: The Ins and Outs of the First Smart Contracts Attack Conviction Case

Last week saw many significant events, one of which was the eye-catching news that the algorithmic stablecoin project Nirvana Finance in the Solana ecosystem announced the relaunch of its V2 version. The project had to suspend operations after suffering a hacker attack in July 2022, losing over $3.5 million. The recent relaunch signifies that the relevant judicial proceedings have been completed and the stolen funds have been returned. This marks the conclusion of the first case in the United States resulting in a conviction due to smart contracts attacks, which is a milestone for countries following the maritime law system.

Background of Nirvana Finance's Flash Loan Attack

Nirvana Finance is an algorithmic stablecoin project on Solana that launched in early 2022. On July 28, 2022, the project was hacked, and all collateral for the stablecoin NIRV (approximately $3.5 million) was stolen. Although the project contracts are not open source, the hacker was still able to profit by using Solend's flash loan feature, which raised questions about the project team.

It is worth noting that Nirvana Finance previously claimed to have completed "automated auditing," but it clearly failed to serve its intended purpose. Co-founder Alex Hoffman revealed in an interview with a media outlet that the team had just begun the auditing work before the attack occurred. He admitted that they initially did not anticipate the project would receive such widespread attention until reports from Chinese media significantly increased the total value locked (TVL).

After the attack, the project came to a standstill, but its Discord community has been continuously maintained by official staff. The community is monitoring the stolen funds, but recovery efforts were once stalled due to the hacker's use of privacy tools such as tornado and Monero.

Breakthrough in the Case and Hacker Identity Revealed

On December 14, 2023, the situation took a turn. A 34-year-old former Amazon senior software security engineer, Shakeeb Ahmed, pleaded guilty in the Southern District Court of New York to computer fraud charges related to a hack of Nirvana Finance and another unnamed decentralized cryptocurrency exchange. The U.S. Attorney's Office stated that this is the first case to result in a conviction for a hack involving smart contracts.

On April 15, 2024, Shakeeb Ahmed was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges. On June 6, the stolen funds were transferred back to the project's designated account, marking the official recovery of the funds.

The True Source of the Case and the Investigation Process

In fact, the source of this case is the decentralized exchange Crema Finance, which was attacked in July 2022 and lost approximately $9 million. Shakeeb Ahmed attacked the platform through a flash loan and proposed a $2.5 million "white hat bounty" in exchange for immunity. Ultimately, Crema Finance agreed to accept a "bounty" of about $1.68 million.

The case of Nirvana Finance was locked after the hacker voluntarily confessed following their arrest. In addition to evidence such as personal computer browsing history, the hacker also used tools like mixing protocols, Tornado, and Monero for fund obfuscation.

The key to solving the case may lie in two points: first, the attacker had interactions with the address of a certain exchange or its associated nested exchange address. Second, the hacker may have made a mistake while using Tornado Cash, quickly redeeming the funds after depositing them, and the redeemed funds ultimately entered a certain centralized exchange. These clues provided a possibility for the judicial authorities to collaborate with the exchange, leading to the eventual capture of Shakeeb Ahmed in New York.

The successful resolution of this case is not only good news but also highlights two important issues: first, DApp developers must pay great attention to fund security; second, there is now a reference framework for handling such cases, which may have a certain deterrent effect on similar behaviors.