AI-driven, self described “Defi 3.0” design protocol The new Gold protocol, built “with sustainability in the core”, was hacked hours after the launch. The hacking took place on September 18, 2025. The Hacker operated two errors in the NGP design. The case shows how negligence in the protocol design can undergo a project from the first day.
Summary
- Almost $ 2 million in Crypto was stolen from the new Gold Protocol platform that has just been launched via a Flash Loan attack.
- Stolen money was sent to Tornado -Contant money. The hacker is not identified.
- The team behind the new Gold protocol remains silent.
- The largest flash loan attacks resulted in more than $ 100 million in losses.
What is a new gold protocol?
The new Gold protocol is a expansion protocol built on top of the BNB -Blockchain and launched on September 18.
One of the trouble That the new Gold protocol wants to solve is the “lack of price rules”. According to the white paper, many Defi protocols “have no standardized mechanisms for behavioral prices, resulting in volatility and disorder”.
The next generation Defi 3.0 ‘New Gold protocol was intended to exceed competitors who have no intrinsic income and whose management models are inefficient. The NGP team saw the way to achieve transparency, fairness and sustainability through AI optimization.
The new Gold protocol aimed to create an inclusive strike platform with a transparent, automated environment that is sustained through smart contracts. Due to token burns, NGP promoted his native token as deflationar. The promised real-yield distributions instead of inflationary and speculative stimuli. The NGP -WHITEPEPER suggested that transparency ensures accountability. However, it turned out that this was not enough.
How was NGP hacked?
The hacking took place shortly after the launch of the NGP token. The amount of NGP tokens that could be purchased was limited to prevent price inflation attacks, but the hacker found a way to circumvent it.
According to analysts of Blockchain Security Company Hacken, six hours before the attack, the hacker collected a large number of assets via flash loans using different accounts. Flash loans are a function that is popular on Defi platforms. They make it possible to borrow crypto assets quickly without collateral. Loan -related funds can be used for arbitration trade, stealing funds from a protocol or price manipulation. Hack notesThe damage caused by attacks of flash loans can be millions of dollars.
The attacker used an Oracle manipulation tactic. The Protocol determined the NGP -token price by scanning its reserves in the DEX liquidity pool, allowing the attacker to manipulate the price. The attacker started to exchange Busd to NGP on Pancakepair, who quickly pumped the price of NGP.
The new Gold protocol contained two limits: a purchase limit and a cooldown limit for buyers. Both were bypassed when the attacker used the “dead” address as a recipient.
The next step was almost all busd -tokens from the draining protocol through the sale of NGP. It left the new Gold protocol with almost no money. The attacker then received $ 1.9 million in crypto and immediately exchanged the money to BNB-based ETH.
According to the Hacking team, the following actions include the stealing of stolen funds at Tornado -Contant money via Ethereum. The promotion sent the NGP price up and left the protocol with just a small amount of money. Soon the NGP -token price dropped 88%.
Unfortunately, despite ambitious plans to reform the Defi sector and to build a sustainable product, the new Gold Protocol neglected its own safety and was confronted with serious damage. The company did not comment on the issue. The newest tweet is “Stability meets growth.” It was published a few hours before the attack and now looks like a bitter joke.
Other flash loan attacks
As soon as flash loans were introduced, flash loan attacks quickly became one of the tactics used by criminals.
The biggest attack take place In March 2023. The hacker managed to steal around $ 197 million in packaged Bitcoin, packed Ethereum and other assets of the Euler Finance Protocol. The hacker used an error in the calculation speed of the platform. The funds were sent to an address that was previously used by the notorious DVK -Hackers, the Lazarus group. What made this case particularly remarkable is that the Hacker voluntarily returned all funds and apologized.
Other remarkable examples are the Cream Finance Hack ($ 130 million stolen in 2021) and Polter ($ 12 million stolen in 2024). A flash loan was part of the scheme that was used in 2025 to wipe out $ 223 million in crypto from the CETUS protocol based on sui.
