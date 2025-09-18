The breach hammered the project’s native token, which plunged nearly 90% within hours.

Investigators say the incident stemmed from a vulnerability in NGP’s price oracle. Instead of aggregating prices, the system relied on a single liquidity pool.

Attackers exploited this by deploying a flash loan to distort reserves, forcing the oracle to register an artificial price. That loophole let them scoop up tokens at a fraction of their value before cashing out.

The stolen funds were quickly laundered through Tornado Cash, according to PeckShield. Blockaid, another security firm, said the design flaw – a dependence on instant readings from one DEX pool – made the exploit possible.

This is not an isolated case. Just days ago, Nemo Protocol on the Sui network lost $2.6 million to a nearly identical strategy. Chainalysis reports that thefts across crypto platforms topped $2 billion in the first half of 2025, already surpassing previous years.

For NGP, the flash loan exploit raises fresh doubts about DeFi security practices. For the wider market, it’s another reminder that vulnerabilities in oracle design remain one of the easiest ways for attackers to drain liquidity.

