NGP Protocol Hacked for $2 Million as Price Oracle Gets Exploited

The DeFi world has been rocked once again, this time with news that NGP Protocol Hacked on BNB chain is the latest exploit making headlines. The project, known as New Gold Protocol, was drained of roughly $2 million on Wednesday in a targeted attack on its token liquidity pool.

Onchain security platform Blockaid confirmed the exploit, saying the attacker took advantage of a price oracle weakness inside the NGP smart contract.

The consequences were swift: money was taken, the token value went to zero, and the community was left with more questions than answers.

How the Exploit Unfolded

At the center of the attack was a function called getPrice() . It was meant to read the token’s price from a single Uniswap V2 trading pool but that was the weak spot.

The attacker took out a flash loan and pushed large amounts of tokens into and out of the pool in one fast move, which warped the pool’s balance and made the price look wrong.

That false price fooled the contract’s safety checks, so the attacker was able to buy a huge amount of NGP tokens for almost nothing.

Millions were lost, in just a single transaction.

Tornado Cash Laundering

Once the exploit had been successfully pulled off, the attacker did not waste any time covering their tracks. Stolen NGP tokens were rapidly exchanged for ETH and bridged over to Ethereum before being deposited into the popular crypto mixer Tornado Cash , which is often associated with hacks and laundering operations.

Security firm PeckShield confirmed that the funds had landed there, making recovery much harder. Once money hits Tornado Cash, tracing it becomes close to impossible.

Price Collapse and Community Reaction

The effect on NGP's token was merciless. Prices plummeted almost 88% in hours of the exploit, leaving investors reeling. For some, it was another bitter reminder of how perilous DeFi investments can prove to be.

Online, news of the NGP Protocol Hacked spread quickly. Traders and members of the community lamented that such an elementary security vulnerability based on a single price feed was still possible in 2025. Demands for more extensive audits, tighter coding standards, and even regulatory intervention are becoming louder.

Why This Matters for DeFi

This attack demonstrates, once again, how vulnerable DeFi projects become when corners are cut. Employing a single pool to determine prices is like relying on only a single weather app to determine whether you'll need an umbrella.

Numerous other projects now employ several oracle feeds or averages over longer periods to prevent just this kind of tampering.

The NGP Protocol Hacked on BNB chain will most probably trigger even more urgency among developers to take on more robust protections and among investors to insist upon them before investing in new protocols.

Final Thoughts

For NGP, the harm is already done: millions lost, faith undermined, and a long way to go to regain credibility. But for the wider DeFi ecosystem, it's another wake-up call. Without stronger defenses, these hacks will keep on occurring and every one chips away at trust in decentralized finance.

The message is clear: security in DeFi is not optional. While the damage from the NGP Protocol Hacked is evident, the industry gets a reminder once again of just how much is at stake.