DeFi’s Oracle Vulnerability Uncovered in $2M NGP Theft

Bitget-RWA 2025/09/19 05:50
By: Coin World
- $2M stolen via Tornado Cash after exploiting NGP’s smart contract vulnerability in BNB Chain DeFi protocol.
- Attacker manipulated Uniswap V2 pool reserves using flash loans to artificially lower NGP token prices and bypass transaction limits.
- Token price dropped 88% post-attack, exposing risks of single-source oracle dependencies in DeFi protocols.
- Experts urge multi-source price feeds and audits as 2025 sees rising DeFi exploits, including $2.6M Nemo Protocol breach.

Earlier this week, it was confirmed that hackers exploited a vulnerability in the Protocol (NGP), a DeFi platform operating on the BNB Chain, resulting in a $2 million loss. The perpetrators funneled the stolen funds through Tornado Cash to cover their tracks. The breach leveraged a weakness in NGP’s smart contract, specifically in the getPrice() function, which pulls NGP token prices from Uniswap V2 pool reserves. Security company Blockaid explained that this reliance on a single decentralized exchange (DEX) for price feeds made the protocol susceptible to price manipulation using flash loans.

The incident began when the attacker used a flash loan to temporarily obtain a large quantity of tokens, then performed a swap that disrupted the reserve in the mainPair pool while draining NGP tokens. This manipulation caused the getPrice() function to report a much lower value for NGP, allowing the attacker to evade transaction restrictions and buy a substantial amount of tokens at a greatly reduced rate. Once acquired, the tokens were rapidly exchanged for Ethereum and sent through Tornado Cash, a service commonly used to conceal the source of illicit assets.

In the aftermath, NGP’s token price plunged by almost 88% in a matter of hours, sparking investor panic and revealing how vulnerable DeFi protocols can be when price data comes from a single source. After the funds were funneled through Tornado Cash, tracing them became virtually impossible, leaving the protocol with minimal prospects for recovery. The DeFi sector is now more vigilant, especially since similar attacks have persisted into 2025, such as the $2.6 million breach of Nemo Protocol on Sui. These events highlight the persistent dangers of flash loans and the critical need for protocols to use multiple pricing sources and undergo frequent security checks.

Experts in the industry point out that the NGP exploit vividly illustrates the hazards of DeFi projects depending on a single-source oracle for pricing. Flash loans continue to give attackers the ability to manipulate markets by allowing them to borrow huge sums in one transaction. Consequently, DeFi projects are urged to strengthen their security by integrating reliable oracle networks and multilayered verification methods. This incident also brings attention to the bigger security challenges DeFi faces in 2025, with Chainalysis reporting that crypto thefts from similar attacks have surpassed $2 billion in just the first half of the year.
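The following Python simulation is an added example, not NGP's contract code or anything from the original article. It models a constant-product pool, shows how one oversized swap moves a reserve-based spot price, and checks that price against a time-weighted average and two hypothetical external feeds; the Pool class, the reserve sizes, the feeds and the 5% threshold are all assumptions.

```python
# Added illustration; pool sizes, feeds and thresholds are constructed, not NGP's.
from statistics import median

class Pool:
    """Minimal Uniswap-V2-style pool (x*y=k, 0.3% fee) with a price accumulator."""
    def __init__(self, base, quote):
        self.base, self.quote = base, quote   # reserves: token, stablecoin
        self.cumulative, self.last_ts = 0.0, 0

    def spot_price(self):
        # What a getPrice() built on raw reserves reads: quote per base token.
        return self.quote / self.base

    def sync(self, now):
        # Accumulate price * seconds since the last update, as V2 pairs do.
        self.cumulative += self.spot_price() * (now - self.last_ts)
        self.last_ts = now

    def swap_base_in(self, amount, now):
        # Sell `amount` base tokens into the pool; returns quote tokens paid out.
        self.sync(now)
        eff = amount * 0.997
        out = self.quote * eff / (self.base + eff)
        self.base, self.quote = self.base + amount, self.quote - out
        return out

def twap(pool, start_cum, start_ts, now):
    """Time-weighted average price between start_ts and now."""
    pool.sync(now)
    return (pool.cumulative - start_cum) / (now - start_ts)

def guarded_price(spot, twap_price, feeds, max_dev=0.05):
    """Median of independent sources; refuse to price if spot has diverged."""
    ref = median([twap_price, *feeds])
    if abs(spot - ref) / ref > max_dev:
        raise ValueError(f"spot {spot:.4f} deviates from reference {ref:.4f}")
    return ref

def demo():
    pool = Pool(base=1_000_000, quote=1_000_000)       # spot price 1.0
    pool.swap_base_in(9_000_000, now=1800)             # one oversized swap after 30 min
    spot = pool.spot_price()                           # collapses to ~0.01
    avg = twap(pool, 0.0, 0, now=1803)                 # barely moves 3 s later
    try:
        guarded_price(spot, avg, feeds=[1.00, 1.01])   # hypothetical external feeds
        rejected = False
    except ValueError:
        rejected = True
    return spot, avg, rejected
```

A contract that priced from the spot value alone would accept the collapsed figure, while the guarded path refuses to quote until the sources agree again.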

The NGP breach is part of an increasing number of major DeFi hacks, underscoring the urgent need for stronger industry security protocols and governance frameworks. As services like Tornado Cash become more widespread and exploits grow more advanced, affected projects often struggle to recover. Moving forward, the DeFi community must focus on security, openness, and user safeguards to foster lasting trust and growth in the industry.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.