NGP協議黑客：200萬美元通過龍捲風現金 - 一場災難

BNB鏈，Flash Loan的利用和不可避免的龍捲風現金連接的NGP協議黑客攻擊的細分。 Defi Security需要認真升級！

Yo, crypto fam! Another one bites the dust. This time, it's the NGP protocol on BNB Chain getting rinsed for a cool $2 million. And guess where those stolen funds ended up? You guessed it: Tornado Cash. Let's dive into this mess.

喲，加密貨幣。另一個人咬了灰塵。這次，這是BNB連鎖店的NGP協議，以200萬美元的價格沖洗。猜猜那些被盜的資金最終出現在哪裡？您猜對了：龍捲風現金。讓我們潛入這個混亂。

The NGP Protocol Exploit: How It Went Down

NGP協議利用：如何降低

So, here's the deal: some smarty-pants hacker found a chink in NGP's armor – specifically, their price oracle. Turns out, NGP was relying on a single Uniswap V2 pool to determine the token price. Big mistake. Huge.

因此，這就是交易：一些聰明的褲子黑客在NGP的盔甲中發現了一個奇數 - 特別是他們的價格甲骨文。事實證明，NGP依靠一個Uniswap V2池來確定令牌價格。大錯誤。巨大的。

According to Blockaid, using just one DEX pool for price data is like leaving your front door wide open. An attacker can easily manipulate the pool's reserves using a flash loan. And that's exactly what happened.

根據Blockaid的說法，僅使用一個DEX池進行價格數據，就像將前門蓋開一樣。攻擊者可以使用Flash貸款輕鬆操縱游泳池的儲備。這正是發生的事情。

The attacker borrowed a ton of tokens, messed with the liquidity pool to make the NGP token look cheap, and then bought a boatload of 'em at the artificially low price. Then, they unwound the trade, repaid the loan, and walked away with 443.8 ETH (worth $2 million at the time).

攻擊者藉了大量令牌，與流動性池混在一起，以使NGP代幣看起來便宜，然後以人為的低價購買了一小船。然後，他們取消了交易，償還了貸款，並以443.8 ETH的身份走開了（當時價值200萬美元）。

Tornado Cash: The Hacker's Best Friend

龍捲風現金：黑客最好的朋友

After making off with the loot, the hacker did what any self-respecting crypto crook would do: they sent the funds through Tornado Cash. This privacy mixer makes it nearly impossible to trace the money back to the source. The trail went cold, leaving investors high and dry.

與戰利品一起出發後，黑客做了任何自尊心的加密騙子都會做的事情：他們通過龍捲風現金派遣了資金。此隱私混音器幾乎不可能將錢追溯到來源。小徑變冷，使投資者高高乾燥。

The Aftermath: Price Crash and Panic

後果：價格崩潰和恐慌

Word of the hack spread like wildfire, and the NGP token price tanked. Investors panicked, liquidity dried up, and the whole thing turned into a proper DeFi dumpster fire. And so far, NGP hasn't announced any plans to recover the funds or compensate the victims.

黑客的話像野火一樣蔓延開來，NGP代幣價格也被打倒了。投資者驚慌失措，流動性枯竭，整個事情變成了適當的Defi Dumpster大火。到目前為止，NGP尚未宣布任何計劃收回資金或補償受害者的計劃。

DeFi Security: We Need to Talk

defi安全：我們需要談談

This NGP debacle is yet another reminder that DeFi security is still the Wild West. Relying on a single price source? Asking for trouble. Not having proper audits? Playing with fire. Until these protocols get their act together, these kinds of exploits are gonna keep happening.

這種NGP崩潰又提醒了Defi Security仍然是Wild West。依靠單個價格來源？要求麻煩。沒有適當的審核？玩火。在這些協議將它們的行為融合在一起之前，這些漏洞將繼續發生。

Experts are saying that projects need to use multiple price feeds, conduct regular audits, and implement stronger security measures. But until then, it's buyer beware out there.

專家說，項目需要使用多個價格提要，進行定期審計並實施更強大的安全措施。但是直到那時，買家要當心那裡。

My Take: A Wake-Up Call for DeFi

我的看法：喚醒defi的電話

Look, I'm all for decentralized finance, but these hacks are getting ridiculous. The NGP exploit shows just how vulnerable these protocols can be, and how easily attackers can exploit those vulnerabilities. The fact that the hacker used Tornado Cash to cover their tracks just adds insult to injury. It's time for DeFi projects to prioritize security over everything else. Otherwise, they're just building castles in the sand.

看，我全都是為了分散的財務，但是這些駭客越來越荒謬。 NGP利用顯示了這些協議的脆弱性，以及攻擊者可以輕易利用這些漏洞的脆弱性。黑客使用龍捲風現金覆蓋軌道的事實只會增加受傷。現在是時候讓Defi項目優先考慮安全性。否則，他們只是在沙灘上建造城堡。

And for you investors out there, do your homework! Don't just throw your money at any shiny new DeFi project. Make sure they have proper security measures in place, and be aware of the risks involved. Otherwise, you might end up like the NGP investors – holding the bag while the hackers laugh all the way to the crypto bank.

對於您在那裡的投資者，做功課！不要只是在任何閃亮的新範圍項目上扔錢。確保他們採取適當的安全措施，並註意所涉及的風險。否則，您可能會像NGP投資者一樣最終 - 拿著袋子，而黑客一直笑到加密銀行。

Wrapping Up

總結

So, there you have it – another DeFi hack, another $2 million gone, and another black eye for the crypto world. Hopefully, this NGP exploit will serve as a wake-up call for the industry. But until then, stay safe out there, folks. And maybe keep your crypto locked up in a cold wallet, just in case. Peace out!

因此，您擁有它 - 另一個Defi Hack，另一個耗資200萬美元消失了，另一隻黑眼睛是加密貨幣世界。希望這種NGP漏洞將成為該行業的警鐘。但是在那之前，伙計們，請保持安全。也許將加密貨幣鎖在一個冷錢包中，以防萬一。和平！