On Wednesday, the crypto community was shaken again when New Gold Protocol (NGP) – a DeFi protocol on BNB Chain – was hit with a smart contract vulnerability that drained the liquidation of its native Token by about $2 million.
According to Web3 security firm Blockaid, the attackers exploited a vulnerability in the price oracle. Specifically, the getPrice() function in the NGP smart contract retrieved data directly from the trading pair's reserves on Uniswap V2. This allowed the attacker to manipulate the price with a single transaction via a flash loan.
Blockaid explained: With just a large enough flash loan, the hacker Fungible Token to inflate the USDT reserve and deplete the NGP reserve, causing the system to quote heavily. As a result, the attacker can easily bypass the transaction limit mechanism and collect a large amount of Token at an unusually low price.
After withdrawing the assets, the hacker quickly transferred the funds to Tornado Cash – a popular mixer platform used to hide the traces of transactions. As a result, the value of the NGP Token plummeted by 88% in just a few hours, according to a report from PeckShield.
This is not the only recent incident. A week earlier, Nemo Protocol – a yield-trading platform on Sui – was also exploited for $2.6 million due to bugs in its smart contracts that had not been thoroughly audited.
This situation reflects a strong increase in hacks in the DeFi sector. According to Chainalysis, in the first half of 2025 alone, the total amount of money stolen from cryptocurrency services exceeded $2 billion, much higher than the same period in previous years.
