NGP protocol on BNB Chain exploited for $2 million, funds moved through Tornado Cash

New Gold Protocol or NGP, a DeFi protocol on the BNB Chain, saw its native token liquidity pool exploited for around $2 million on Wednesday.

According to the Web3 security firm Blockaid, the exploit involved the manipulation of a price oracle. The attacker targeted the NGP smart contract's getPrice() function, which calculates the token price by directly referencing the current reserves of the Uniswap V2 pair.

"A spot price from a single DEX pool is insecure because an attacker can easily and dramatically manipulate the pool's reserves within a single atomic transaction using a flash loan," Blockaid said .

The security platform said the attacker launched a flash loan of a large amount of tokens, then executed a swap to manipulate the mainPair pool. This significantly boosts the USDT reserve and decreases the NGP token reserve, making getPrice() report an artificially low value. This allowed the attacker to bypass the contract's transaction limit check, enabling them to acquire a substantial amount of NGP tokens at the manipulated price.

Another onchain security firm, PeckShield, reported that the stolen funds have been deposited into the crypto mixer Tornado Cash. The token's value plunged 88% after the attack, PeckShield added.

This exploit is the latest in a series of recent attacks on DeFi protocols targeting contract vulnerabilities. Last week, it was revealed that Sui-based yield-trading platform Nemo Protocol was exploited for $2.6 million , where the attacker targeted issues in the smart contract that were introduced without proper audits.

Crypto heists in general are growing in scale, posing an increasing threat to the industry. According to Chainalysis , over $2 billion was stolen from crypto services in the first half of 2025, a figure that surpasses the amount stolen in the same timeframe in previous years.