A digital money platform known as New Gold Protocol, or NGP, recently lost about $2 million. The attack happened on Wednesday. NGP runs on the BNB Chain system. This event shines a light on how easily some decentralized finance (DeFi) systems can be tricked. Attackers can mess with price information and use quick loans to steal funds.
Web3 security company Blockaid reported on the incident. They found the attacker took advantage of a weak spot in NGP’s getPrice() function. This function was supposed to figure out the token’s value. But it simply looked at how much money was in a single Uniswap V2 trading pool. Relying on one pool’s reserves like this makes a system an easy target. The Block also covered this story.
Hack a New Gold Protocol (NGP)
USD 2M drenados del pool tras préstamo flash
Manipularon getPrice() con reservas Uniswap V2; token -88%
Fondos a Tornado Cash. Informan Blockaid y PeckShield pic.twitter.com/PQAlHmxAXR— Diario฿itcoin (@Blaze Trends)
How the Attack Happened
Blockaid explained how the theft unfolded. The attacker first took out a very large flash loan. This is a special type of loan that must be paid back in the same transaction. Then, they made a massive trade. This trade changed the balance of the main NGP money pool. The attacker artificially boosted the amount of USDT in the pool. At the same time, they lowered the amount of NGP tokens. This made NGP’s getPrice() function give a false, very low value for the token. The hacker then bought a huge number of NGP tokens at this fake low price. This move cleverly got around the contract’s normal trade limits.
The security firm made it clear that "a spot price from a single DEX pool is unsafe." An attacker can easily change the reserves within a single quick transaction. This case shows that systems depending on only one price source often remain weak points in the DeFi world.
Stolen Funds and What Happened Next
Another security company, PeckShield, tracked the stolen funds. They found the money ended up in Tornado Cash. This is a tool that mixes different crypto transactions together. It makes it very hard to follow where the money goes. After the attack, the NGP token’s value dropped sharply, by 88%. This caused worry among investors. It also brought back old talks about how safe decentralized protocols truly are.
This attack is just one in a string of recent problems for DeFi platforms. Just last week, Nemo Protocol suffered a similar fate. That project, which focused on earning returns on the Sui network, lost $2.6 million. Its contracts had new flaws that were not properly checked before launch.
DeFi Attacks are Growing
The DeFi industry continues to see more cyberattacks. These attacks are getting bigger and happening more often. Data from Chainalysis shows that in the first half of 2025, over $2 billion was stolen from crypto-related services. This amount is already higher than what was taken in similar periods in past years. This trend highlights a growing risk for both investors and platforms.
Experts say these events are a clear warning. New products in the crypto space need much stronger security checks and audits before they go live. They also suggest using several different sources to get price information. This would help prevent manipulation. Projects should also put in place special tools to stop similar tricks.