NGP Protocol Suffers $2 Million Attack on BNB Chain

• Exploit in NGP protocol manipulates price oracle
• Attacker moves stolen funds via Tornado Cash
• NGP Token Loses 88% of Value After Attack

New Gold Protocol (NGP), a DeFi protocol built on the BNB Chain, was the target of an attack that drained approximately $2 million from its liquidity pool on Wednesday. The exploit stemmed from a price oracle vulnerability, according to on-chain security firm Blockaid.

According to the analysis, the attacker targeted the getPrice() function of the NGP smart contract, which calculates the token's value using only the reserves of a Uniswap V2 pair. This method, according to experts, is highly insecure, as it can be manipulated in a single transaction through flash loans.

“A single DEX pool’s spot price is insecure because an attacker can easily and drastically manipulate the pool’s reserves in a single atomic transaction using a flash loan,” Blockaid explained.

🚨 Community Alert:

Blockaid's exploit detection system identified multiple malicious transactions targeting the NGP token on BSC.
Roughly $2 million has been drained.

↓ We're monitoring in real time and will share updates below pic.twitter.com/efxXma0REQ

— Blockaid (@blockaid_) September 17, 2025

The attack occurred when the attacker took out a large-scale flash loan, performed a swap, and distorted the balance of the mainPair pool. This artificially increased USDT reserves and reduced NGP reserves, causing the oracle to report a very low price. This flaw allowed the attacker to bypass the contract's transaction limit, acquiring a large amount of tokens at an unrealistic price.

Shortly after the exploit, PeckShield confirmed that the stolen funds were sent to Tornado Cash, a cryptocurrency mixing service. The company also reported that the NGP token suffered an 88% price drop following the attack.

This case joins a string of recent incidents exposing flaws in DeFi protocol smart contracts. Just the previous week, the Sui-based Nemo Protocol was exploited for $2,6 million due to the implementation of unaudited functions in its contract.

Data from Chainalysis shows that attacks of this type are growing in frequency and value. In the first half of 2025 alone, more than $2 billion was stolen from cryptocurrency-related platforms, surpassing the amounts recorded in previous years and highlighting the growing pressure on security in the sector.