Briefing

The New Gold Protocol (NGP) on BNB Chain was exploited for approximately $2 million (443.8 ETH) on September 18, 2025, through a price oracle manipulation attack. The attacker leveraged a critical flaw in NGP’s smart contract: it priced the NGP token from the spot reserves of a single Uniswap V2 liquidity pool, so a flash loan large enough to move those reserves could move the price within one transaction. The immediate consequence was an 88% crash in the NGP token’s value; the stolen funds were subsequently routed through Tornado Cash, severely complicating recovery efforts.


Context

The DeFi ecosystem had long faced a known class of vulnerability before this incident: protocols that source prices from insecure oracles. Many projects, particularly those with thin liquidity or minimal auditing, read a single price feed straight from a decentralized exchange (DEX) pool, creating an easily manipulable attack surface. Because a DEX spot price is just the current ratio of two reserves, anyone who can briefly move those reserves (a flash loan supplies the capital for the duration of one transaction) can set the price the contract sees and then restore the pool before the transaction ends. This atomic manipulation vector has been exploited repeatedly by sophisticated threat actors.


Analysis

Technically, the incident centered on the NGP smart contract’s getPrice() function, which derived the NGP token’s value solely from the token’s reserves in a single Uniswap V2 liquidity pool (the mainPair). The attacker took a flash loan, borrowing a substantial amount of assets without collateral for the duration of one transaction, and used it to execute a swap against mainPair that inflated the pool’s USDT reserves while draining its NGP tokens. Because getPrice() read the raw reserve ratio with no time weighting and no cross-check against any other source, it reported a drastically deflated NGP price, exactly the reading the attacker had engineered. With the oracle under its control, the attacker bypassed the contract’s transaction limits, acquired a large volume of NGP tokens at the manipulated low price, repaid the flash loan within the same transaction, and extracted approximately $2 million in profit.


Parameters

  • Protocol Targeted → New Gold Protocol (NGP)
  • Attack Vector → Price Oracle Manipulation via Flash Loan
  • Financial Impact → ~$2 Million (443.8 ETH)
  • Affected Blockchain → BNB Chain
  • Vulnerable Component → getPrice() function relying on a single Uniswap V2 pool
  • Token Impact → NGP token price plummeted 88%
  • Post-Exploit Activity → Funds routed through Tornado Cash
  • Security Firms Involved → Blockaid, PeckShield


Outlook

To mitigate similar risks, protocols must stop pricing assets from a single pool’s spot reserves and adopt robust oracle designs: time-weighted average prices (TWAPs) that cannot be moved within one transaction, multi-source feeds, and deviation checks that make the contract fail closed when its sources disagree. They must also undergo rigorous, independent security audits that specifically test oracle inputs against flash-loan manipulation. Users should exercise extreme caution with new or unaudited DeFi projects, prioritizing those with transparent security postures and decentralized governance. This exploit underscores the ongoing need for the DeFi ecosystem to evolve its security best practices, emphasizing resilience against sophisticated on-chain manipulation tactics.
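The following simulation is an added example, not NGP’s contract code and not Uniswap’s; it illustrates both the Analysis section (a getPrice() that reads one pool’s reserves can be moved by a flash-loan swap inside a single transaction) and the mitigations above (a time-weighted reading and a deviation check). The Pool class, the function names, the pool sizes, the loan size, the 3-second block interval and the 5% deviation threshold are all constructed assumptions; the accumulator models Uniswap V2’s price0CumulativeLast behaviour only loosely.

```python
"""Constructed simulation of the reserve-ratio oracle failure and two guards.
Pool sizes, loan size, block timing and thresholds are illustrative
assumptions, not data from the NGP incident."""
from dataclasses import dataclass

FEE_BPS = 30  # 0.3% swap fee, the Uniswap V2 default


@dataclass
class Pool:
    """Minimal Uniswap V2-style pair holding (token, usdt) reserves.
    The price accumulator follows UniswapV2Pair._update loosely: the
    reserves in force since the last block are accumulated, weighted by
    elapsed seconds, before any swap in the new block changes them."""
    reserve_token: float
    reserve_usdt: float
    block_time: int = 0
    last_update: int = 0
    price_cumulative: float = 0.0  # sum(price * seconds), like price0CumulativeLast

    def spot_price(self) -> float:
        """USDT per token straight from the reserves: the vulnerable
        getPrice() pattern. Whoever moves the reserves sets this number."""
        return self.reserve_usdt / self.reserve_token

    def _accumulate(self) -> None:
        elapsed = self.block_time - self.last_update
        if elapsed > 0:
            self.price_cumulative += self.spot_price() * elapsed
            self.last_update = self.block_time

    def advance(self, seconds: int) -> None:
        """Mine a new block: time passes and the accumulator catches up."""
        self.block_time += seconds
        self._accumulate()

    def swap_usdt_for_token(self, usdt_in: float) -> float:
        self._accumulate()
        net = usdt_in * (10_000 - FEE_BPS) / 10_000
        token_out = self.reserve_token * net / (self.reserve_usdt + net)
        self.reserve_usdt += usdt_in
        self.reserve_token -= token_out
        return token_out

    def swap_token_for_usdt(self, token_in: float) -> float:
        self._accumulate()
        net = token_in * (10_000 - FEE_BPS) / 10_000
        usdt_out = self.reserve_usdt * net / (self.reserve_token + net)
        self.reserve_token += token_in
        self.reserve_usdt -= usdt_out
        return usdt_out


def atomic_manipulation(pool: Pool, flash_loan_usdt: float) -> tuple:
    """One transaction: borrow USDT, swap it into the pool, read the
    reserve-based price, swap back and repay. Returns (before, during, after)
    so the caller sees what a spot-reading getPrice() saw mid-transaction."""
    before = pool.spot_price()
    tokens = pool.swap_usdt_for_token(flash_loan_usdt)
    during = pool.spot_price()          # the distorted reading
    pool.swap_token_for_usdt(tokens)    # unwind; the attacker only pays the fees
    after = pool.spot_price()
    return before, during, after


def twap_vs_spot(pool: Pool, flash_loan_usdt: float,
                 window_blocks: int = 10, block_seconds: int = 3) -> tuple:
    """Run the same attack while a consumer reads a time-weighted average over
    window_blocks blocks (block_seconds is an assumed block interval).
    Returns (manipulated_spot, twap). The swap and its unwind sit inside one
    block, so the distorted reserves are never weighted by any elapsed time."""
    start_cum, start_time = pool.price_cumulative, pool.block_time
    for _ in range(window_blocks):
        pool.advance(block_seconds)
    manipulated_spot = atomic_manipulation(pool, flash_loan_usdt)[1]
    pool.advance(block_seconds)  # next block: accumulator records post-unwind reserves
    twap = (pool.price_cumulative - start_cum) / (pool.block_time - start_time)
    return manipulated_spot, twap


def guarded_price(spot: float, reference: float, max_deviation_bps: int = 500) -> float:
    """Accept the pool-derived price only if it is within max_deviation_bps of an
    independent reference (a TWAP or a second feed); otherwise revert. A
    hardened getPrice() fails closed instead of trusting one pool's reserves."""
    if abs(spot - reference) * 10_000 > max_deviation_bps * reference:
        raise ValueError("price deviates from reference; possible manipulation")
    return spot


if __name__ == "__main__":
    pool = Pool(reserve_token=1_000_000.0, reserve_usdt=100_000.0)  # 0.10 USDT/token
    print("spot before/during/after:", atomic_manipulation(pool, 1_000_000.0))
    spot, twap = twap_vs_spot(Pool(1_000_000.0, 100_000.0), 1_000_000.0)
    print(f"manipulated spot {spot:.2f} vs TWAP {twap:.4f}")
```

With these constructed numbers a 1,000,000 USDT flash loan pushes the spot reading from 0.10 to roughly 12 USDT per token (about 120x) and costs the attacker only the swap fees to unwind, while the time-weighted reading stays within a fraction of a percent of 0.10 because the distorted reserves exist for zero elapsed time. The deviation guard then rejects the manipulated spot against that reference; holding the manipulation across several blocks would move the TWAP, but only in proportion to the time held, and would expose the attacker to arbitrage for the whole period.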


The New Gold Protocol Exploit Serves as a Stark Reminder That Single-Point Oracle Dependencies Remain a Critical Systemic Vulnerability, Demanding Immediate Architectural Remediation across the DeFi Landscape.

Signal Acquired from → Crypto Economy

Micro Crypto News Feeds

oracle manipulation

Oracle Manipulation ∞ is a type of attack in which the data an oracle delivers to a smart contract is deliberately distorted, either by corrupting the feed itself or, as in this incident, by manipulating the market the oracle reads so that it reports an attacker-chosen value.

defi ecosystem

Definition ∞ The DeFi Ecosystem refers to the interconnected network of decentralized finance applications and protocols built on blockchain technology.

liquidity pool

Liquidity Pool ∞ is a collection of cryptocurrency tokens locked in a smart contract, typically used to facilitate decentralized trading.

protocol

Definition ∞ In DeFi, a protocol is the set of smart contracts and rules that govern how a decentralized application holds, prices and moves assets; more generally, a protocol is a set of rules governing data exchange or communication between systems.

price oracle

Definition ∞ A price oracle is a digital service that provides external price data to smart contracts on a blockchain.

bnb chain

BNB Chain ∞ is a decentralized blockchain network that supports smart contracts and decentralized applications.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

tornado cash

Definition ∞ Tornado Cash is a decentralized cryptocurrency mixing service designed to enhance user privacy by obscuring the transaction history of digital assets.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.