NGP Protocol Suffers $2M Exploit; Funds Laundered via Tornado Cash
$2M Stolen from NGP Protocol on BNB Chain
The NGP protocol on the BNB Chain experienced a significant security breach, resulting in the theft of $2 million. The exploit, executed via a flash loan, targeted a vulnerability within the protocol's price oracle. Following the theft, the funds were transferred through Tornado Cash, a decentralized privacy tool, raising concerns about money laundering within the DeFi ecosystem.
Blockaid, a blockchain security firm, detected the attack on the NGP token and alerted the community.
Flash Loan Attack Details
The vulnerability exploited centered around the getPrice function, which relied solely on the reserves of a single Uniswap V2 pool. This design made the price feed susceptible to manipulation within a single atomic transaction.
Price Oracle Exploit
Attackers leveraged this weakness by:
- Obtaining a large flash loan.
- Manipulating token ratios within the liquidity pool to inflate USDT and deflate NGP.
- Exploiting the distorted
getPrice()function to purchase NGP at a significantly reduced price. - Bypassing the
maxBuyAmountInUsdtlimit to acquire large quantities of NGP. - Repaying the initial flash loan with the ill-gotten gains.
Funds Laundered Through Tornado Cash
Following the exploit, the stolen assets were exchanged for Ethereum and transferred to the Ethereum network. The funds were then routed through Tornado Cash, a popular crypto mixer, making it significantly more difficult to trace the hacker's identity and recover the stolen assets. This incident underscores the ongoing challenges in combating illicit activity within the decentralized finance space. The use of Tornado Cash highlights the sophistication of the attackers and the need for enhanced security measures in DeFi protocols.
For projects seeking to enhance their security posture, Codeum offers comprehensive smart contract auditing and security consulting services.