Security

New Gold Protocol Suffers $2m Price Oracle Manipulation via Flash Loan

A single-source price oracle vulnerability, exploitable by flash loans, enabled the theft of $2 million, highlighting critical systemic risk.
September 21, 20253 min

The image showcases a metallic, lens-shaped core object centrally positioned, enveloped by an intricate, glowing white network of interconnected lines and dots. This mesh structure interacts with a fluid, crystalline blue substance that appears to emanate from or surround the core, all set against a gradient grey-blue background
A prominent spherical object, textured like the moon with visible craters, is centrally positioned, appearing to push through a dense, intricate formation of blue and grey geometric shards. These angular, reflective structures create a sense of depth and dynamic movement, framing the emerging sphere

Briefing

The New Gold Protocol (NGP) on the BNB Chain was exploited for approximately $2 million (443.8 ETH) on September 18, 2025, through a sophisticated price oracle manipulation attack. This incident leveraged a critical flaw in NGP’s smart contract, specifically its reliance on a single Uniswap V2 liquidity pool for token pricing, making it susceptible to flash loan-induced price distortions. The immediate consequence was an 88% crash in the NGP token’s value, with the stolen funds subsequently routed through Tornado Cash, severely complicating recovery efforts.

A close-up view reveals a multi-faceted, transparent object with sharp geometric edges, encasing a smooth, amorphous blue mass within its core. The interplay of light through the clear material highlights the vibrant blue interior and the intricate structure of the outer shell

Context

Prior to this incident, the DeFi ecosystem has faced persistent risks from protocols relying on insecure price oracles, a known class of vulnerability. Many projects, particularly those with lower liquidity or minimal auditing, often utilize single-source price feeds from decentralized exchanges (DEXs), creating an easily manipulable attack surface. This architectural oversight allows for rapid, temporary price manipulation within a single atomic transaction, a vector frequently exploited by sophisticated threat actors.

A detailed macro shot showcases a sophisticated mechanical apparatus, centered around a black cylindrical control element firmly secured to a vibrant blue metallic baseplate by several silver screws. A dense entanglement of diverse cables, including braided silver strands and smooth black and blue conduits, intricately interconnects various parts of the assembly, emphasizing systemic complexity and precision engineering

Analysis

The incident’s technical mechanics centered on the NGP smart contract’s getPrice() function, which determined the NGP token’s value solely from its reserves within a Uniswap V2 liquidity pool. An attacker initiated a flash loan, temporarily borrowing a substantial amount of assets without collateral. This borrowed capital was then used to execute a swap that artificially inflated the USDT reserves while draining NGP tokens from the mainPair pool, causing the getPrice() function to report a drastically deflated NGP token price. With the price oracle compromised, the attacker bypassed the contract’s transaction limits, acquired a large volume of NGP tokens at a manipulated low price, repaid the flash loan, and extracted approximately $2 million in profit.

A spherical object, deep blue with swirling white patterns, is partially encased by a metallic silver, cage-like structure. This protective framework features both broad, smooth bands and intricate, perforated sections with rectangular openings

Parameters

  • Protocol Targeted → New Gold Protocol (NGP)
  • Attack VectorPrice Oracle Manipulation via Flash Loan
  • Financial Impact → ~$2 Million (443.8 ETH)
  • Affected BlockchainBNB Chain
  • Vulnerable Component → getPrice() function relying on single Uniswap V2 pool
  • Token Impact → NGP token price plummeted 88%
  • Post-Exploit Activity → Funds routed through Tornado Cash
  • Security Firms Involved → Blockaid, PeckShield

A futuristic metallic device, possibly a satellite or specialized node, is partially submerged in a calm body of water. From its lower section, a vigorous stream of bright blue liquid, intermingled with white foam, forcefully ejects, creating dynamic ripples and splashes on the water's surface

Outlook

To mitigate similar risks, protocols must adopt robust, multi-source price oracle solutions and undergo rigorous, independent security audits to identify and rectify such vulnerabilities. Users should exercise extreme caution with new or unaudited DeFi projects, prioritizing those with transparent security postures and decentralized governance. This exploit underscores the ongoing need for the DeFi ecosystem to evolve its security best practices, emphasizing resilience against sophisticated on-chain manipulation tactics.

A close-up view reveals transparent, tubular conduits filled with vibrant blue patterns, converging into a central, dark, finned connector. The luminous channels appear to transmit data, while the central unit suggests processing or connection within a complex system

The New Gold Protocol Exploit Serves as a Stark Reminder That Single-Point Oracle Dependencies Remain a Critical Systemic Vulnerability, Demanding Immediate Architectural Remediation across the DeFi Landscape.

Signal Acquired from → Crypto Economy

Micro Crypto News Feeds

oracle manipulation

Oracle Manipulation ∞ is a type of attack where the data provided by a blockchain oracle is deliberately falsified or corrupted.

defi ecosystem

Definition ∞ The DeFi Ecosystem refers to the interconnected network of decentralized finance applications and protocols built on blockchain technology.

liquidity pool

Liquidity Pool ∞ is a collection of cryptocurrency tokens locked in a smart contract, typically used to facilitate decentralized trading.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

price oracle

Definition ∞ A price oracle is a digital service that provides external price data to smart contracts on a blockchain.

bnb chain

BNB Chain ∞ is a decentralized blockchain network that supports smart contracts and decentralized applications.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

tornado cash

Definition ∞ Tornado Cash is a decentralized cryptocurrency mixing service designed to enhance user privacy by obscuring the transaction history of digital assets.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

Tags:

Tags: