Audit log

Every state-changing event for Nirvana Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-31 06:59:52Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,324,608

   sig

   aJj8i7KqpGzJ…66ynP112copyexplorer ↗

   hash

   36PXoMPaYrJc…tQYCdsKbcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (22550 B) ▸

   {"actor":"system:backfill","investigation_id":"2a305f6a-96de-407d-bd05-9f115a4730cb","kind":"publish","page_slug":"nirvana-finance","published_at":"2026-05-31T06:59:52.738Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Nirvana Finance","sections":[{"content":"Nirvana Finance launched on the Solana blockchain as a twin-token system comprising ANA, an algorithmically generated metastable store-of-value token with a rising price floor guaranteed by protocol reserves, and NIRV, a decentralized superstable token pegged to the U.S. dollar and denominated in ANA. The protocol's core mechanism, the Market-Driven Mint, set ANA's price algorithmically based on demand, with the floor price designed to rise and never recede. The treasury was funded by stablecoins and protocol-owned liquidity, and users could borrow NIRV against ANA at risk-free leverage because ANA's floor value provided collateral guarantees. According to community reporting, the protocol's TVL briefly reached approximately $25 million within its first week of launch before retreating. At the time of the exploit, the protocol had not completed a manual security audit; it had undergone only an automated code review, and a formal audit was scheduled for the week the attack occurred. Solana co-founder Anatoly Yakovenko had reportedly urged the Nirvana team to conduct a security audit prior to the attack.","heading":"Protocol Background","severity":"medium","sources":[{"credibility":2,"name":"Nirvana Finance Protocol Documentation — ANA Element","type":"official","url":"https://docs.nirvana.finance/elements/ana"},{"credibility":2,"name":"Nirvana Finance Protocol Documentation — NIRV Element","type":"official","url":"https://docs.nirvana.finance/elements/nirv"},{"credibility":2,"name":"Ackee Blockchain: 2022 Solana Hacks Explained — Nirvana","type":"news","url":"https://ackee.xyz/blog/2022-solana-hacks-explained-nirvana/"}]},{"content":"On July 28, 2022, an attacker later identified as Shakeeb Ahmed executed a flash loan attack that drained approximately $3,574,635 from Nirvana's treasury. The attack proceeded in the following steps: Ahmed borrowed approximately $10.25 million USDC from the Solend lending protocol using a flash loan; he then interacted with Nirvana's smart contract using the 'Buy 3' command to purchase a large quantity of ANA tokens, which artificially inflated ANA's spot price from roughly $8 to approximately $24 by manipulating the protocol's internal pricing mechanism; with the ANA price artificially elevated, Ahmed swapped the acquired ANA back through Nirvana's treasury for approximately $13.49 million in USDT; after repaying the $10.25 million USDC flash loan to Solend, Ahmed retained a net profit of approximately $3.5 million. The stolen USDT was subsequently bridged from Solana to Ethereum via the Wormhole cross-chain bridge and converted to DAI stablecoin. On-chain records identify the attacker's Solana address as 76w4SBe2of2wWUsx2FjkkwD29rRznfvEkBa1upSbTAWH and the Nirvana treasury contract as CxuuSEv67PzNkMxqCvHeDUr6HKaadoz8NhTfxbQSJnaG. The Ethereum recipient address was 0xB9AE2624Ab08661F010185d72Dd506E199E67C09. CertiK's incident analysis classified the core vulnerability as a price manipulation exploit enabled by the protocol's failure to adequately validate or bound single-transaction price movements against flash-loan-scale inputs. The exploit occurred the same week Nirvana was scheduled to commence its formal security audit.","heading":"July 28, 2022 Flash Loan Exploit","severity":"critical","sources":[{"credibility":1,"name":"CoinDesk: Solana DeFi Protocol Nirvana Drained of Liquidity After Flash Loan Exploit","type":"news","url":"https://www.coindesk.com/tech/2022/07/28/solana-defi-protocol-nirvana-drained-of-liquidity-after-flash-loan-exploit"},{"credibility":1,"name":"The Block: Solana stablecoin Nirvana sinks 90% amid $3.5 million flash loan exploit","type":"news","url":"https://www.theblock.co/post/159975/solana-stablecoin-nirvana-sinks-90-amid-3-5-million-flash-loan-exploit"},{"credibility":2,"name":"CertiK: Nirvana Finance Incident Analysis","type":"news","url":"https://www.certik.com/resources/blog/1UBzEHHu35dJdJOGsuf85D-nirvana-finance-incident-analysis"},{"credibility":2,"name":"CryptoSlate: Solana-based Nirvana loses $3.5M to flash loan exploit; tokens tank 90%","type":"news","url":"https://cryptoslate.com/solana-based-nirvana-loses-3-49m-to-flash-loan-exploit-tokens-tank-90/"},{"credibility":2,"name":"Rekt News: Nirvana Finance — REKT","type":"news","url":"https://rekt.news/nirvana-rekt"}]},{"content":"Following the exploit, Nirvana's two tokens suffered immediate and severe price dislocations. ANA fell approximately 85–89%, dropping from roughly $8.97 to under $1. NIRV, designed as a decentralized stablecoin pegged to $1.00, lost approximately 85–90% of its dollar value, trading as low as $0.08–$0.14. Because the $3.5 million stolen from the treasury constituted effectively all the protocol's liquid reserves, the backing for NIRV was eliminated. The depeg was permanent; the protocol could not recollateralize NIRV without the stolen funds. Nirvana's trading functions were suspended by developers shortly after the attack was detected, as communicated through the protocol's official Telegram channel. The protocol's total value locked fell from approximately $3.5 million to effectively zero within hours of the attack.","heading":"Token Price Collapse and NIRV Depeg","severity":"critical","sources":[{"credibility":1,"name":"CoinTelegraph: Solana-based stablecoin NIRV drops 85% following $3.5M exploit","type":"news","url":"https://cointelegraph.com/news/solana-based-stablecoin-nirv-drops-85-following-3-5m-exploit"},{"credibility":1,"name":"CoinDesk: Solana DeFi Protocol Nirvana Drained of Liquidity After Flash Loan Exploit","type":"news","url":"https://www.coindesk.com/tech/2022/07/28/solana-defi-protocol-nirvana-drained-of-liquidity-after-flash-loan-exploit"}]},{"content":"On July 28, 2022, at approximately 9:00 PM UTC, Nirvana Finance published a message on Twitter requesting that the exploiter return the stolen funds, offering a white-hat bug bounty of $300,000 and a cessation of any investigation into the attacker's identity. The team subsequently increased the bounty offer to as much as $600,000. Ahmed, however, countered with a demand for $1.4 million and did not reach agreement with the Nirvana team; he retained all stolen funds. On July 31, 2022, Nirvana Finance released an official post-incident statement on their Medium page. The protocol's co-founder, identified publicly as Alex Hoffman, later described July 28, 2022, as the worst day of his life in a subsequent interview. The protocol's closed-source design and absence of a completed manual audit at the time of the exploit were noted as compounding factors in community post-mortems.","heading":"Team Response and Attempted Negotiation","severity":"high","sources":[{"credibility":2,"name":"TRM Labs: Funds Returned to DeFi Exchange Nirvana in First Ever DeFi Hack Prosecution","type":"news","url":"https://www.trmlabs.com/resources/blog/funds-returned-to-defi-exchange-nirvana-in-first-ever-defi-hack-prosecution"},{"credibility":1,"name":"CoinTelegraph: Nirvana Finance co-founder recounts the 'worst day' of his life","type":"news","url":"https://cointelegraph.com/news/nirvana-finance-founder-hoffman-2022-exploit-shook-his-world"}]},{"content":"Shakeeb Ahmed, a trained security engineer formerly employed at an international technology company, was charged by the U.S. Attorney's Office for the Southern District of New York (SDNY) in July 2023. The indictment covered Ahmed's exploitation of two decentralized cryptocurrency exchanges: the unnamed primary exchange (which sustained over $9 million in losses) and Nirvana Finance. Ahmed employed sophisticated money-laundering techniques to conceal the stolen funds, including cryptocurrency mixers, cross-chain swaps, and the privacy coin Monero. In December 2023, Ahmed pleaded guilty to one count of computer fraud. On April 12, 2024, U.S. District Judge Victor Marrero sentenced Ahmed to three years in prison and three years of supervised release. Ahmed was ordered to forfeit over $12.3 million, including approximately $5.6 million in fraudulently obtained cryptocurrency, and was ordered to pay restitution to victims totaling over $5 million, of which approximately $3.4 million was directed to Nirvana Finance. This case marked the first-ever U.S. criminal conviction for hacking a decentralized finance smart contract.","heading":"Law Enforcement Action and Criminal Prosecution","severity":"critical","sources":[{"credibility":1,"name":"U.S. DOJ SDNY: Former Security Engineer Sentenced To Three Years In Prison For Hacking Two Decentralized Cryptocurrency Exchanges","type":"regulatory","url":"https://www.justice.gov/usao-sdny/pr/former-security-engineer-sentenced-three-years-prison-hacking-two-decentralized"},{"credibility":1,"name":"U.S. DOJ SDNY: Former Security Engineer Pleads Guilty To Hacking Two Decentralized Cryptocurrency Exchanges","type":"regulatory","url":"https://www.justice.gov/usao-sdny/pr/former-security-engineer-international-technology-company-pleads-guilty-hacking-two"},{"credibility":1,"name":"CoinDesk: Hacker Sentenced to 3 Years in Prison for Stealing Over $12M From Crypto Exchanges","type":"news","url":"https://www.coindesk.com/policy/2024/04/12/hacker-sentenced-to-3-years-in-prison-for-stealing-over-12m-from-crypto-exchanges"},{"credibility":1,"name":"The Block: Nirvana Finance hacker pleads guilty, agrees to pay restitution to victims","type":"news","url":"https://www.theblock.co/post/267737/nirvana-finance-hacker-pleads-guilty-agrees-to-pay-restitution-to-victims"},{"credibility":2,"name":"Blockworks: Nirvana Finance hacker sentenced to 3 years","type":"news","url":"https://blockworks.com/news/nirvana-finance-hacker-sentenced"},{"credibility":2,"name":"TRM Labs: Funds Returned to DeFi Exchange Nirvana in First Ever DeFi Hack Prosecution","type":"news","url":"https://www.trmlabs.com/resources/blog/funds-returned-to-defi-exchange-nirvana-in-first-ever-defi-hack-prosecution"}]},{"content":"On June 5, 2024, approximately $2.6 million in DAI stablecoin was returned to Nirvana Finance as a result of the court-ordered restitution from Shakeeb Ahmed's sentencing. This represented a partial recovery of the approximately $3.5 million originally stolen. In September 2024, Nirvana Finance opened a claims portal for affected users holding ANA, NIRV, or prANA tokens at the time of the hack, distributing funds pro rata based on users' account equity at the time of the theft. By December 2024, the protocol reported that 60% of restitution funds had been distributed to affected users. The Nirvana team clarified that recovered funds would not be used to re-collateralize the NIRV or ANA tokens, but would instead be distributed directly to harmed individuals.","heading":"Fund Recovery and Victim Restitution","severity":"medium","sources":[{"credibility":2,"name":"TRM Labs: Funds Returned to DeFi Exchange Nirvana in First Ever DeFi Hack Prosecution","type":"news","url":"https://www.trmlabs.com/resources/blog/funds-returned-to-defi-exchange-nirvana-in-first-ever-defi-hack-prosecution"},{"credibility":3,"name":"DeFi Teller: Nirvana Finance Hack Recovery and Investor Compensation","type":"news","url":"https://defiteller.com/nirvana-finance-hack-recovery-and-investor-compensation"},{"credibility":2,"name":"Nirvana Finance Medium: Rising From the Ashes","type":"official","url":"https://medium.com/nirvanafinance/nirvana-finance-rising-from-the-ashes-f2780607f685"}]},{"content":"Following the July 2022 exploit, Nirvana Finance shut down its primary protocol operations. The stolen $3.5 million represented substantially all of the protocol's treasury at the time of the attack, leaving no path to recollateralization. In December 2024, the team announced and launched Nirvana V2, a redesigned protocol on Solana featuring a revised Market-Driven Mint mechanism and a new governance framework called Automated Token-Managed Adjustments (ATMA). The V2 protocol opened publicly on December 17, 2024 UTC. The relaunch included a permanent revenue-sharing mechanism through which protocol revenue is continuously distributed to victims of the original hack, in addition to the direct restitution payments. The V2 launch followed the successful conclusion of the criminal prosecution against Ahmed, which the team cited as enabling the relaunch.","heading":"Protocol Shutdown and V2 Relaunch Attempt","severity":"low","sources":[{"credibility":2,"name":"GlobeNewswire: Nirvana Relaunches After Recovery — A New Vision for DeFi","type":"official","url":"https://www.globenewswire.com/news-release/2024/12/16/2997825/0/en/Nirvana-Relaunches-After-Recovery-A-New-Vision-for-DeFi.html"},{"credibility":3,"name":"BlockTelegraph: Rising From the Ashes — Exclusive Interview with Nirvana Finance on Their V2 Relaunch","type":"news","url":"https://blocktelegraph.io/interview-nirvana-finance-on-v2-relaunch/"}]},{"content":"The Nirvana Finance exploit occurred during a period of elevated DeFi security incidents on the Solana network in 2022. The attack closely followed the July 2022 Crema Finance exploit, which also used flash loans sourced from Solend Protocol on Solana. Both incidents highlighted shared infrastructure risk: Solend's flash loan facility was the funding mechanism in both cases, and both protocols were exploited via price oracle or pricing mechanism manipulation rather than direct fund theft from user wallets. The 2022 period also saw the broader algorithmic stablecoin sector under scrutiny following the May 2022 collapse of Terra/LUNA's UST stablecoin. Nirvana's NIRV depeg, while caused by a direct exploit rather than a reflexive mechanism failure, added to investor skepticism toward algorithmic stablecoin designs on all chains.","heading":"Solana Ecosystem Context","severity":"medium","sources":[{"credibility":2,"name":"Ackee Blockchain: 2022 Solana Hacks Explained — Nirvana","type":"news","url":"https://ackee.xyz/blog/2022-solana-hacks-explained-nirvana/"},{"credibility":3,"name":"Medium — Comprehensive Analysis of Solana's Security History","type":"news","url":"https://medium.com/@lucrativepanda/a-comprehensive-analysis-of-solanas-security-history-all-incidents-impacts-and-evolution-up-to-1b1564c7ddfe"}]}],"sources_used":[{"name":"CoinDesk: Solana DeFi Protocol Nirvana Drained of Liquidity After Flash Loan Exploit","type":"news","url":"https://www.coindesk.com/tech/2022/07/28/solana-defi-protocol-nirvana-drained-of-liquidity-after-flash-loan-exploit"},{"name":"The Block: Solana stablecoin Nirvana sinks 90% amid $3.5 million flash loan exploit","type":"news","url":"https://www.theblock.co/post/159975/solana-stablecoin-nirvana-sinks-90-amid-3-5-million-flash-loan-exploit"},{"name":"CoinTelegraph: Solana-based stablecoin NIRV drops 85% following $3.5M exploit","type":"news","url":"https://cointelegraph.com/news/solana-based-stablecoin-nirv-drops-85-following-3-5m-exploit"},{"name":"CoinTelegraph: Nirvana Finance co-founder recounts the worst day of his life","type":"news","url":"https://cointelegraph.com/news/nirvana-finance-founder-hoffman-2022-exploit-shook-his-world"},{"name":"CertiK: Nirvana Finance Incident Analysis","type":"news","url":"https://www.certik.com/resources/blog/1UBzEHHu35dJdJOGsuf85D-nirvana-finance-incident-analysis"},{"name":"Rekt News: Nirvana Finance — REKT","type":"news","url":"https://rekt.news/nirvana-rekt"},{"name":"U.S. DOJ SDNY: Former Security Engineer Sentenced To Three Years In Prison","type":"regulatory","url":"https://www.justice.gov/usao-sdny/pr/former-security-engineer-sentenced-three-years-prison-hacking-two-decentralized"},{"name":"U.S. DOJ SDNY: Former Security Engineer Pleads Guilty","type":"regulatory","url":"https://www.justice.gov/usao-sdny/pr/former-security-engineer-international-technology-company-pleads-guilty-hacking-two"},{"name":"CoinDesk: Hacker Sentenced to 3 Years in Prison for Stealing Over $12M","type":"news","url":"https://www.coindesk.com/policy/2024/04/12/hacker-sentenced-to-3-years-in-prison-for-stealing-over-12m-from-crypto-exchanges"},{"name":"The Block: Nirvana Finance hacker pleads guilty, agrees to pay restitution","type":"news","url":"https://www.theblock.co/post/267737/nirvana-finance-hacker-pleads-guilty-agrees-to-pay-restitution-to-victims"},{"name":"Blockworks: Nirvana Finance hacker sentenced to 3 years","type":"news","url":"https://blockworks.com/news/nirvana-finance-hacker-sentenced"},{"name":"TRM Labs: Funds Returned to DeFi Exchange Nirvana in First Ever DeFi Hack Prosecution","type":"news","url":"https://www.trmlabs.com/resources/blog/funds-returned-to-defi-exchange-nirvana-in-first-ever-defi-hack-prosecution"},{"name":"GlobeNewswire: Nirvana Relaunches After Recovery — A New Vision for DeFi","type":"official","url":"https://www.globenewswire.com/news-release/2024/12/16/2997825/0/en/Nirvana-Relaunches-After-Recovery-A-New-Vision-for-DeFi.html"},{"name":"Nirvana Finance Documentation — ANA","type":"official","url":"https://docs.nirvana.finance/elements/ana"},{"name":"Nirvana Finance Documentation — NIRV","type":"official","url":"https://docs.nirvana.finance/elements/nirv"},{"name":"Ackee Blockchain: 2022 Solana Hacks Explained — Nirvana","type":"news","url":"https://ackee.xyz/blog/2022-solana-hacks-explained-nirvana/"},{"name":"CryptoSlate: Solana-based Nirvana loses $3.5M to flash loan exploit","type":"news","url":"https://cryptoslate.com/solana-based-nirvana-loses-3-49m-to-flash-loan-exploit-tokens-tank-90/"},{"name":"DeFi Teller: Nirvana Finance Hack Recovery and Investor Compensation","type":"news","url":"https://defiteller.com/nirvana-finance-hack-recovery-and-investor-compensation"}],"summary":"Nirvana Finance was a Solana-based algorithmic DeFi protocol issuing the ANA metastable token and the NIRV stablecoin. On July 28, 2022, the protocol was exploited via a flash loan attack orchestrated by security engineer Shakeeb Ahmed, who drained approximately $3.5 million — effectively the entirety of the treasury — causing ANA to collapse ~85% and NIRV to permanently lose its dollar peg. Ahmed was later convicted in the first-ever U.S. criminal prosecution for hacking a DeFi smart contract and was sentenced to three years in prison in April 2024; the protocol attempted a partial relaunch as Nirvana V2 in December 2024.","timeline":[{"date":"2022-01-01","event":"Nirvana Finance launches on Solana with the ANA metastable token and NIRV stablecoin. Protocol TVL briefly reaches approximately $25 million in its first week.","source":"Ackee Blockchain / Community reporting","source_url":"https://ackee.xyz/blog/2022-solana-hacks-explained-nirvana/"},{"date":"2022-07-28","event":"Shakeeb Ahmed executes a flash loan attack using $10.25M USDC borrowed from Solend, manipulates ANA's price from ~$8 to ~$24, and drains approximately $3.5 million in USDT from Nirvana's treasury. ANA collapses ~85%; NIRV loses its dollar peg.","source":"CoinDesk / The Block / CertiK","source_url":"https://www.coindesk.com/tech/2022/07/28/solana-defi-protocol-nirvana-drained-of-liquidity-after-flash-loan-exploit"},{"date":"2022-07-28","event":"Nirvana Finance suspends trading functions and posts a message offering a $300,000 white-hat bounty and cessation of investigation in exchange for return of stolen funds.","source":"TRM Labs","source_url":"https://www.trmlabs.com/resources/blog/funds-returned-to-defi-exchange-nirvana-in-first-ever-defi-hack-prosecution"},{"date":"2022-07-28","event":"Stolen funds are bridged from Solana to Ethereum via the Wormhole bridge and converted to DAI at Ethereum address 0xB9AE2624Ab08661F010185d72Dd506E199E67C09.","source":"CertiK Incident Analysis","source_url":"https://www.certik.com/resources/blog/1UBzEHHu35dJdJOGsuf85D-nirvana-finance-incident-analysis"},{"date":"2022-07-31","event":"Nirvana Finance publishes an official incident statement on Medium. Team increases bounty offer to $600,000; Ahmed demands $1.4 million and refuses settlement.","source":"TRM Labs","source_url":"https://www.trmlabs.com/resources/blog/funds-returned-to-defi-exchange-nirvana-in-first-ever-defi-hack-prosecution"},{"date":"2023-07-01","event":"Shakeeb Ahmed is publicly charged by the U.S. Attorney's Office for the Southern District of New York with computer fraud in connection with the Nirvana Finance hack and a second unnamed cryptocurrency exchange hack.","source":"U.S. DOJ SDNY","source_url":"https://www.justice.gov/usao-sdny/pr/former-security-engineer-international-technology-company-pleads-guilty-hacking-two"},{"date":"2023-12-01","event":"Shakeeb Ahmed pleads guilty to one count of computer fraud and agrees to forfeit over $12.3 million.","source":"The Block","source_url":"https://www.theblock.co/post/267737/nirvana-finance-hacker-pleads-guilty-agrees-to-pay-restitution-to-victims"},{"date":"2024-04-12","event":"U.S. District Judge Victor Marrero sentences Shakeeb Ahmed to three years in prison, three years supervised release, $12.3 million forfeiture, and over $5 million in victim restitution. This is the first-ever U.S. criminal conviction for hacking a DeFi smart contract.","source":"U.S. DOJ SDNY / CoinDesk","source_url":"https://www.coindesk.com/policy/2024/04/12/hacker-sentenced-to-3-years-in-prison-for-stealing-over-12m-from-crypto-exchanges"},{"date":"2024-06-05","event":"Approximately $2.6 million in DAI is returned to Nirvana Finance as court-ordered restitution from Shakeeb Ahmed's sentence.","source":"TRM Labs","source_url":"https://www.trmlabs.com/resources/blog/funds-returned-to-defi-exchange-nirvana-in-first-ever-defi-hack-prosecution"},{"date":"2024-09-01","event":"Nirvana Finance opens a claims portal for affected ANA, NIRV, and prANA token holders to claim proportional shares of recovered funds.","source":"DeFi Teller / ChainCatcher","source_url":"https://defiteller.com/nirvana-finance-hack-recovery-and-investor-compensation"},{"date":"2024-12-17","event":"Nirvana V2 launches publicly, introducing a redesigned Market-Driven Mint mechanism and Automated Token-Managed Adjustments governance. The relaunch includes a permanent revenue-sharing structure for original hack victims.","source":"GlobeNewswire","source_url":"https://www.globenewswire.com/news-release/2024/12/16/2997825/0/en/Nirvana-Relaunches-After-Recovery-A-New-Vision-for-DeFi.html"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 2aa7c7ac-5fe3-43fe-b730-dc7af07d54a1copy