Nirvana Finance founder, revealing how one random Telegram message led to the capture of the exploiter that stole $3.5 million from the protocol
Eventually, after reviewing and matching transactions with the other exploit, the authorities asked Hoffman to come in and explain exactly how the infrastructure of the protocol works. From there, they were able to trace the exploit back to Ahmed
Up until now, Alex Hoffman, the head of ecosystem at Superposition, has kept it a secret that he was the anonymous founder of decentralized finance (DeFi) yield protocol Nirvana Finance, which was struck by a $3.5 million flash loan exploit two years ago.
Now, he is ready to attach his name to the anonymous founder title and the story of the “worst day” of his life, which began when he woke up one morning to discover that all the funds in Nirvana Finance had vanished.
“Literally the week we were supposed to start the audit, we woke up to find that it had been hacked,” Hoffman, describing the morning of July 28, 2022.
“You really learn who your friends are when this happens and all those who aren’t.”
The search for the Nirvana Finance hacker lasted 17 months.
It wasn’t until December 2023, after a lengthy investigation involving blockchain investigators and multiple enforcement agencies, that software engineer Shakeeb Ahmed was arrested after admitting to hacking Nirvana Finance. On April 12, he was sentenced to three years in prison.
Hoffman explained it took so long as Ahmed’s exploit was very “sophisticated.” Despite best efforts from blockchain investigators, they kept coming to “dead ends.”
Random Telegram message from Homeland Security
But it was a chance Telegram message from an officer at the United States Department of Homeland Security, who believed he had a solid lead on the exploit, linking it to the same hacker behind another recent exploit, that was a turning point for the investigation.
“He wanted to see if the team would cooperate with helping them on building the case,” Hoffman explained.
Before Hoffman realized it, the next few months were spent going back and forth with the officer and other officials from Homeland Security, prosecutors, and Internal Revenue Service (IRS) investigators.
Eventually, after reviewing and matching transactions with the other exploit, the authorities asked Hoffman to come in and explain exactly how the infrastructure of the protocol works. From there, they were able to trace the exploit back to Ahmed.
Although Nirvana Finance wasn’t open source, Hoffman explained that Ahmed discovered a “flaw in the code by pinging the system and figuring it out.”
Hoffman copped death threats for the exploit
The 17 months were incredibly stressful for Hoffman, he said.
Not only did he lose most of his money, which was tied up in what he believed to be a flawless protocol, but he also worried that, as an anonymous founder, the victims would assume he had “rugged” the project.
He wanted to dox himself right there, and then so he could explain that the founder behind the project wasn’t the cause of the exploit.
However, the threats were already coming through Nirvana Finance’s Twitter account fast and he feared it was only a matter of time before somebody would work out who he was.
“I got dozens of death threats and threats to hurt my wife, my mom, and my kids; it was nonstop,” Hoffman said.
Solana CEO pushed audit firms to make Nirvana Finance a priority
Reflecting on the protocol's rise and fall, Hoffman said he never expected Nirvana Finance to achieve the success it did so quickly.
“We launched it not thinking that it was going to have so much traction. We were trying to do a soft launch,” before revealing that it caught the attention of several Chinese news publications, which led to the total value locked (TVL) spiking significantly.
“It ended up getting around 25 million TVL within the first week,” he said.