Overview

• Blockaid and PeckShield confirmed roughly $2 million was drained from NGP on BNB Chain and began monitoring the attacker’s wallets in real time.
• The exploit manipulated NGP’s getPrice() function, which relied on a single Uniswap V2 pool, letting the attacker bypass the protocol’s max buy limit.
• The attacker netted about 443.8 ETH, converted proceeds to ETH, bridged to Ethereum, and sent the funds into Tornado Cash.
• NGP’s token price fell about 88% within an hour as liquidity evaporated, triggering panic selling across decentralized exchanges.
• Investigations continue while security experts urge multi-source oracle feeds and stronger audits to prevent similar single-pool price manipulations.