- The New Gold Protocol was hacked just 6 hours after launch due to flaws in its design and pricing system.
- The attacker used flash loans and bypassed token limits to steal $1.9 million from the protocol.
- The price of the NGP token crashed by 88% after the exploit drained almost all funds from the platform.
The New Gold Protocol (NGP), a staking platform built on the BNB blockchain, was hacked just hours after its launch on September 18, 2025. Marketed as an AI-optimized DeFi 3.0 protocol, NGP aimed to bring transparency and sustainability to decentralized finance. However, two major design flaws were exploited, allowing a hacker to drain nearly all its funds.
Security firm Hacken confirmed that the attack was carefully prepared. Six hours before the breach, the attacker gathered assets through flash loans. These loans, commonly used in DeFi, do not require collateral and are often used for high-speed arbitrage or exploitation. In this case, the attacker used them to manipulate NGP’s price.
Price Manipulation and Exploit Tactics
NGP’s token price was determined by scanning the reserves in a DEX liquidity pool. The hacker used this mechanism to their advantage. By swapping BUSD to NGP on PancakePair, they inflated the token price rapidly. This artificial price increase allowed them to convert a large quantity of NGP at a high value.
The protocol included restrictions to prevent such attacks. It had a token buying limit and a cooldown period. Both limits were bypassed using a technical trick. The attacker used the “dEaD” address as the recipient. This method allowed them to evade the buying restrictions.
Funds Drained and Laundered
Once the price was artificially boosted, the hacker began selling large amounts of NGP. This action drained nearly all of the BUSD from the protocol. Analysts estimate the attacker stole about $1.9 million in crypto. After the drain, the hacker converted the funds to BNB-based ETH.
The stolen funds were then transferred to Ethereum. They were routed through Tornado Cash using the Across bridge. Similarly, the hacker behind the Euler Finance attack returned 100 $ETH to a victim but moved the other funds into Tornado Cash. This made the stolen assets harder to trace. While the NGP price spiked during the manipulation, it later dropped 88% once the attack concluded.
Design Flaws and Lack of Oversight
NGP aimed to improve on existing DeFi models by offering deflationary tokens, fair governance, and real-yield rewards. Its whitepaper highlighted transparency and sustainability. However, the design overlooked key security practices.
By failing to safeguard its pricing system and user limits, the protocol exposed itself. The attacker took advantage of these gaps quickly. Despite its promises, NGP could not prevent a loss of funds and trust.
The team behind NGP has not issued a statement. Their last social media update occurred just before the attack.
Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0
PRC Comment Policy
Your comments MUST BE constructive with vivid and clear suggestion relating to the post.
Your comments MUST NOT be less than 5 words.
Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.
Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.
Constructive REPLY to comments is allowed