Yeliz Akmaca 
The NGP token, listed on BSC, was targeted by a hack worth $2 million just a few hours ago. The incident occurred due to critical security vulnerabilities in the token’s design. The attack caused NGP’s price to drop 88% within just one hour, drawing attention across the DeFi ecosystem. Ethereum’s price remained generally stable, but transfers to Tornado Cash have sparked discussions about market security.
Details of the NGP Token Hack
The attacker manipulated the price using the PancakeSwap BUSD-NGP pool after buying NGP tokens at low prices. During this process, the maximum purchase limit and buyer waiting time were bypassed using a “DEAD” address. Subsequently, BUSD was withdrawn, draining the liquidity pool. This caused a sudden spike in NGP token price while resulting in a total loss of $2 million.
Notably, the attacker transferred 443.8 ETH of the stolen funds to Tornado Cash. This move made tracing the transactions difficult and complicated fund recovery further.
Critical Vulnerabilities in Token Design
The NGP token attack exploited two main security flaws:
- Purchase Limit Bypass: Using the “DEAD” address as the buyer allows bypassing the maximum purchase rule.
- Price Manipulation During Sale: Contract synchronization during token sales reflects deducted fees, momentarily inflating the token price.
- These vulnerabilities enabled the attacker to manipulate prices through large-volume transactions.
Market Impact and Security Measures Post-Attack
The hack highlights the importance of robust security measures in the DeFi ecosystem. Experts recommend strict control of purchase and sale limits in smart contracts and restricting the use of special addresses. Additionally, contract synchronization mechanisms should be secured against potential attacks.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.