Key Notes
- The attacker stole ~$2 million worth of ETH from the New Gold Protocol on Sept.18.
- The exploit involved a flash loan that successfully manipulated the price oracle enabling the attacker to bypass security checks in the smart contract.
- The NGP token is down 88% as the attacker obfuscates their funds through Tornado Cash.
New Gold Protocol, a DeFi staking project, lost around 443.8 Ethereum
ETH
$4 599
24h volatility:
2.2%
Market cap:
$555.19 B
Vol. 24h:
$42.83 B
, valued at $2 million, in an exploit on Sept 18. The attack caused the project’s native NGP token to crash by 88%, wiping out most of its market value in less than an hour.
The incident was flagged by multiple blockchain security firms, including PeckShield and Blockaid. Both firms confirmed the amount stolen and tracked the movement of the funds. Blockaid’s analysis identified the specific vulnerability that the attacker used.
Flash Loan Attack Manipulated Price Oracle
According to the Blockaid report, the hack was a price oracle manipulation attack. The protocol’s smart contract had a critical flaw; it determined the NGP token’s price by looking at the asset reserves in a single Uniswap liquidity pool. This method is insecure because a single pool’s price can be easily manipulated.
The attacker used a flash loan to borrow a large amount of assets. A flash loan consists of a series of transactions that borrow and return a loan within the same transaction. They used these assets to temporarily skew the reserves in the liquidity pool, tricking the protocol into thinking the NGP token was nearly worthless. This allowed the hacker to bypass a maximum purchase limit and buy a huge number of NGP tokens at minimal prices.
The next transactions in the chain, reversed the initial trade and repaid the flash loan, netting the hacker a 443.8 ETH profit. The funds were then taken to the Ethereum network and deposited into the Torando Cash mixer to obfuscate the trail.
This exploit highlights several red flags that surrounded the project. Unlike legitimate, audited tokens, NGP operated with little transparency and was plagued by extremely low trading volume. This incident is part of a larger pattern, as reports show that rising crypto hacks are becoming more frequent. It also adds to the debate over developer liability, a topic that crypto firms urge lawmakers to address.
next
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
As a Web3 marketing strategist and former CMO of DuckDAO, Zoran Spirkovski translates complex crypto concepts into compelling narratives that drive growth. With a background in crypto journalism, he excels in developing go-to-market strategies for DeFi, L2, and GameFi projects.
Zoran Spirkovski on X
Source: https://www.coinspeaker.com/new-gold-protocol-loses-2m-price-oracle-hack-ngp/
