The new Gold Protocol, which was built as a core sustainability “Defi 3.0” Staying Protocol “of the AI -centered self -description, took several hours after its launch. The hack was held on September 18, 2025. The hacker exploited two flaws in NGP design. This case shows how the fruit of the protocol design can destroy the project from the first day.
summation
- Nearly $ 2 million was stolen in the new gold protocol platform just released through the flash loan attack.
- The stolen money was sent to Tornado cash. Hackers are not identified.
- The team of the new gold protocol keeps silence.
- The biggest flash loan attack caused more than $ 100 million.
What is a new gold protocol?
The new gold protocol is a staying protocol that started on September 18, built on the BNB block chain.
One of the problems that the new gold protocol should solve is “lack of price rules.” According to the white paper, many Defi protocols “lack of standardized mechanisms of behavioral prices, causing volatility and obstacles.”
The “next generation Defi 3.0” The new gold protocol is intended to surpass inefficient competitors with no essential income and governance models. The NGP team has seen a way to achieve transparency, fairness and sustainability through AI optimization.
The new gold protocol was trying to create a comprehensive staying platform with a transparent and automated environment that continues through smart contracts. Due to token burns, NGP promoted the basic token as deflation. It promised actual yield distribution instead of inflation and speculation incentives. The NGP white paper suggests that transparency is responsible. But it turns out that this is not enough.
How was NGP hacked?
The hack was done immediately after the NGP token was released. The amount of NGP tokens that can be purchased was limited to prevent price inflation attacks, but hackers found a way to bypass this.
According to an analyst at Blockchain Security Company Hacken, six hours before the attack, the hacker used another account to accumulate many assets through flash loans. Flash loan is a popular feature on the Defi platform. They can quickly borrow encryption assets without collateral. Borrowing funds can be used for stealing or price operation in arbitrage, protocols. As Hacken pointed out, the damage caused by flash loan attacks can reach millions of dollars.
The attacker used Oracle operation tactics. The protocol scanned the reserves in the liquidity pool of DEX to determine the price of NGP tokens so that the attacker can manipulate the price. The attacker began to change the BUSD from PancakePair to NGP and quickly pumped the price of NGP.
The new gold protocol includes two limitations: the purchase limit and the buyer’s waiting time limit. The attacker bypass both as the recipient of the “dead” address.
The next movement was to sell NGP and drain almost all BUSD tokens from the protocol. It left a new gold protocol with almost no funds. The attacker earned $ 1.9 million worth of encryption and immediately changed funds to BNB -based ETH.
According to Hacken Team, the following measures include Ether Lee’s deposit to tornado cash. This measure sent an NGP price by leaving the protocol with a small amount of money. Soon the price of NGP tokens plunged 88%.
Unfortunately, despite the ambitious plan to reconstruct the defects and build a sustainable product, the new gold protocol ignored its own security and suffered serious damage. The company did not mention this problem. The latest tweets read, “Stability meets growth.” It was published a few hours before the attack and now it looks like a written joke.
Other flash loan attacks
As soon as the flash loan was introduced, the flash loan attack became one of the tactics used by criminals.
The biggest attack took place in March 2023. The hacker stole about $ 17 million from the wrapped bitcoin, wrapped Etherrium and other assets of the Euler Finance protocol. The hacker was using an error in the speed of the platform. The funds were sent to the previously used address by the notorious DPRK hacker, Lazarus Group. It is particularly notable that the hacker voluntarily returned and apologized.
Other notable examples include cream finance hacking ($ 130 million in 2021) and polar ($ 12 million in 2024). Flash loans were part of the system used to delete $ 223 million encryption in the CETUS protocol based on the 2025 SUI.