NGP协议黑客：200万美元通过龙卷风现金 - 一场灾难

BNB链，Flash Loan的利用和不可避免的龙卷风现金连接的NGP协议黑客攻击的细分。 Defi Security需要认真升级！

Yo, crypto fam! Another one bites the dust. This time, it's the NGP protocol on BNB Chain getting rinsed for a cool $2 million. And guess where those stolen funds ended up? You guessed it: Tornado Cash. Let's dive into this mess.

哟，加密货币。另一个人咬了灰尘。这次，这是BNB连锁店的NGP协议，以200万美元的价格冲洗。猜猜那些被盗的资金最终出现在哪里？您猜对了：龙卷风现金。让我们潜入这个混乱。

The NGP Protocol Exploit: How It Went Down

NGP协议利用：如何降低

So, here's the deal: some smarty-pants hacker found a chink in NGP's armor – specifically, their price oracle. Turns out, NGP was relying on a single Uniswap V2 pool to determine the token price. Big mistake. Huge.

因此，这就是交易：一些聪明的裤子黑客在NGP的盔甲中发现了一个奇数 - 特别是他们的价格甲骨文。事实证明，NGP依靠一个Uniswap V2池来确定令牌价格。大错误。巨大的。

According to Blockaid, using just one DEX pool for price data is like leaving your front door wide open. An attacker can easily manipulate the pool's reserves using a flash loan. And that's exactly what happened.

根据Blockaid的说法，仅使用一个DEX池进行价格数据，就像将前门盖开一样。攻击者可以使用Flash贷款轻松操纵游泳池的储备。这正是发生的事情。

The attacker borrowed a ton of tokens, messed with the liquidity pool to make the NGP token look cheap, and then bought a boatload of 'em at the artificially low price. Then, they unwound the trade, repaid the loan, and walked away with 443.8 ETH (worth $2 million at the time).

攻击者借了大量令牌，与流动性池混在一起，以使NGP代币看起来便宜，然后以人为的低价购买了一小船。然后，他们取消了交易，偿还了贷款，并以443.8 ETH的身份走开了（当时价值200万美元）。

Tornado Cash: The Hacker's Best Friend

龙卷风现金：黑客最好的朋友

After making off with the loot, the hacker did what any self-respecting crypto crook would do: they sent the funds through Tornado Cash. This privacy mixer makes it nearly impossible to trace the money back to the source. The trail went cold, leaving investors high and dry.

与战利品一起出发后，黑客做了任何自尊心的加密骗子都会做的事情：他们通过龙卷风现金派遣了资金。此隐私混音器几乎不可能将钱追溯到来源。小径变冷，使投资者高高干燥。

The Aftermath: Price Crash and Panic

后果：价格崩溃和恐慌

Word of the hack spread like wildfire, and the NGP token price tanked. Investors panicked, liquidity dried up, and the whole thing turned into a proper DeFi dumpster fire. And so far, NGP hasn't announced any plans to recover the funds or compensate the victims.

黑客的话像野火一样蔓延开来，NGP代币价格也被打倒了。投资者惊慌失措，流动性枯竭，整个事情变成了适当的Defi Dumpster大火。到目前为止，NGP尚未宣布任何计划收回资金或补偿受害者的计划。

DeFi Security: We Need to Talk

defi安全：我们需要谈谈

This NGP debacle is yet another reminder that DeFi security is still the Wild West. Relying on a single price source? Asking for trouble. Not having proper audits? Playing with fire. Until these protocols get their act together, these kinds of exploits are gonna keep happening.

这种NGP崩溃又提醒了Defi Security仍然是Wild West。依靠单个价格来源？要求麻烦。没有适当的审核？玩火。在这些协议将它们的行为融合在一起之前，这些漏洞将继续发生。

Experts are saying that projects need to use multiple price feeds, conduct regular audits, and implement stronger security measures. But until then, it's buyer beware out there.

专家说，项目需要使用多个价格提要，进行定期审计并实施更强大的安全措施。但是直到那时，买家要当心那里。

My Take: A Wake-Up Call for DeFi

我的看法：唤醒defi的电话

Look, I'm all for decentralized finance, but these hacks are getting ridiculous. The NGP exploit shows just how vulnerable these protocols can be, and how easily attackers can exploit those vulnerabilities. The fact that the hacker used Tornado Cash to cover their tracks just adds insult to injury. It's time for DeFi projects to prioritize security over everything else. Otherwise, they're just building castles in the sand.

看，我全都是为了分散的财务，但是这些骇客越来越荒谬。 NGP利用显示了这些协议的脆弱性，以及攻击者可以轻易利用这些漏洞的脆弱性。黑客使用龙卷风现金覆盖轨道的事实只会增加受伤。现在是时候让Defi项目优先考虑安全性。否则，他们只是在沙滩上建造城堡。

And for you investors out there, do your homework! Don't just throw your money at any shiny new DeFi project. Make sure they have proper security measures in place, and be aware of the risks involved. Otherwise, you might end up like the NGP investors – holding the bag while the hackers laugh all the way to the crypto bank.

对于您在那里的投资者，做功课！不要只是在任何闪亮的新范围项目上扔钱。确保他们采取适当的安全措施，并注意所涉及的风险。否则，您可能会像NGP投资者一样最终 - 拿着袋子，而黑客一直笑到加密银行。

Wrapping Up

总结

So, there you have it – another DeFi hack, another $2 million gone, and another black eye for the crypto world. Hopefully, this NGP exploit will serve as a wake-up call for the industry. But until then, stay safe out there, folks. And maybe keep your crypto locked up in a cold wallet, just in case. Peace out!

因此，您拥有它 - 另一个Defi Hack，另一个耗资200万美元消失了，另一只黑眼睛是加密货币世界。希望这种NGP漏洞将成为该行业的警钟。但是在那之前，伙计们，请保持安全。也许将加密货币锁在一个冷钱包中，以防万一。和平！