**The New Gold Protocol Hacked Hours After Launch: A Cautionary Tale in DeFi Security**
The New Gold Protocol (NGP), an AI-driven, self-described DeFi 3.0 staking protocol built with sustainability at its core, was hacked just hours after its launch on September 18, 2025. The attack exposed critical flaws in the protocol’s design and highlights how negligence in security can doom even the most ambitious projects from day one.
—
### What Is the New Gold Protocol?
The New Gold Protocol is a staking platform built on the BNB blockchain, officially launched on September 18, 2025. NGP aims to address several pain points prevalent in many DeFi projects, particularly the lack of standardized pricing rules. According to the NGP whitepaper, numerous DeFi protocols suffer from volatility and disorder due to the absence of consistent, behavior-based pricing mechanisms.
As a next-generation DeFi 3.0 protocol, NGP was designed to outperform competitors by offering intrinsic earnings and an efficient governance model. The development team envisioned achieving transparency, fairness, and sustainability through AI-powered optimization.
NGP promoted its native token as deflationary, featuring token burns to reduce supply and promising real-yield distributions instead of the inflationary and speculative incentives commonly seen elsewhere. Transparency was touted as a key factor ensuring accountability in the project’s operations. However, this approach proved to be insufficient.
—
### How Was NGP Hacked?
The hack occurred shortly after the NGP token launch. To prevent price-inflation attacks, the protocol imposed limits on the amount of NGP tokens that could be purchased. Nevertheless, the attacker found ways to bypass these safeguards.
Flash loans—a popular DeFi feature allowing rapid, uncollateralized borrowing of crypto assets—played a crucial role. These loans are commonly used for arbitrage trading but can also facilitate exploits such as theft or price manipulation. As cybersecurity firm Hacken notes, flash loan attacks often cause millions of dollars in damage.
The hacker employed an oracle-manipulation tactic. NGP determined its token price by assessing reserves in decentralized exchange (DEX) liquidity pools, which exposed the protocol to price manipulation vulnerabilities. Specifically, the attacker started swapping BUSD for NGP tokens on PancakeSwap, artificially inflating NGP’s price.
Despite two built-in protective measures—a buying limit and a cooldown restriction for buyers—both were circumvented because the attacker used the dEaD address (a burn address) as the recipient. This clever workaround left the New Gold Protocol effectively drained of funds.
Following the manipulation, the attacker extracted approximately $1.9 million worth of crypto and quickly converted the assets into BNB-based ETH. According to Hacken, the stolen funds were then routed through Tornado Cash via the Ethereum network, utilizing the Across bridge to obfuscate the transaction trail.
This sequence of events sent the NGP token price soaring temporarily but left the protocol nearly empty-handed. Shortly after, the token’s price plummeted by 88%, devastating investors and damaging the project’s credibility.
—
### The Aftermath and Company Response
Despite grand ambitions to revolutionize the DeFi sector with a sustainable, transparent product, the New Gold Protocol neglected critical aspects of its security design. The result was a severe financial and reputational blow hours after its public debut.
To date, the company has not commented on the hack. The project’s latest tweet, which read “stability meets growth,” was published mere hours before the attack — making it an ironic and bitter reminder of the protocol’s downfall.
—
### Other Notable Flash Loan Attacks in DeFi
Flash loan attacks have become a persistent threat since the feature’s introduction. One of the largest such incidents occurred in March 2023 when the Euler Finance protocol suffered a $197 million loss in Wrapped Bitcoin, Wrapped Ethereum, and other assets. The attacker exploited a calculation error within the platform. Interestingly, this hacker later returned all stolen funds and issued an apology. The infamous Lazarus Group, linked to North Korea’s DPRK hackers, has also been implicated in similar attacks.
Other high-profile flash loan incidents include:
– **Cream Finance (2021):** Approximately $130 million stolen.
– **Polter (2024):** Around $12 million stolen.
– **Cetus Protocol (2025):** The most recent attack wiped out $223 million in crypto on a Sui-based platform, with flash loans playing a central role in the exploit.
—
### Conclusion
The New Gold Protocol hack serves as a stark reminder that innovative concepts and promising visions alone cannot ensure the success of a DeFi project. Robust security design, rigorous testing, and thorough audit protocols are essential to prevent vulnerabilities that can lead to catastrophic financial losses.
As DeFi continues to evolve, projects must prioritize security alongside innovation to protect their users and maintain trust in the ecosystem.
—
*Stay informed and exercise caution when engaging with new DeFi protocols, especially in a landscape where flash loan attacks and oracle manipulations are becoming increasingly sophisticated.*
https://bitcoinethereumnews.com/tech/bnb-chains-new-gold-protocol-hit-by-2m-launch-day-hack/?utm_source=rss&utm_medium=rss&utm_campaign=bnb-chains-new-gold-protocol-hit-by-2m-launch-day-hack