The New Gold Protocol, a self-described “DeFi 3.0” staking protocol driven by AI and built with sustainability in mind, fell victim to a hacking incident just hours after its launch on September 18, 2025. The hacker exploited two critical flaws in the protocol’s design, showcasing how negligence in protocol development can lead to disastrous consequences.
Nearly $2 million worth of cryptocurrency was stolen from the newly launched New Gold Protocol platform through a flash loan attack. The stolen funds were swiftly transferred to Tornado Cash, a privacy-focused Ethereum mixer, and the identity of the hacker remains unknown. Despite the significant breach, the team behind the New Gold Protocol has chosen to remain silent on the matter.
The New Gold Protocol aimed to address issues such as the lack of standardized pricing mechanisms in DeFi protocols, which often result in volatility and disorder. By leveraging AI optimization, the protocol sought to establish transparency, fairness, and sustainability in the DeFi space. Through token burns and deflationary mechanisms, NGP promised real-yield distributions as opposed to inflationary incentives.
However, shortly after its launch, the New Gold Protocol was targeted by a hacker who exploited vulnerabilities in the protocol’s design. The attacker used flash loans to accumulate assets from different accounts and manipulate the NGP token price through oracle manipulation tactics. By bypassing buying and cooldown limits, the hacker drained nearly all BUSD tokens from the protocol, leaving it with minimal funds and causing the NGP token price to plummet by 88%.
This incident is a stark reminder of the risks associated with DeFi platforms and the importance of prioritizing security in protocol development. The New Gold Protocol’s failure to address critical vulnerabilities ultimately led to significant financial losses and reputational damage. The hack serves as a cautionary tale for other DeFi projects and underscores the need for robust security measures in the rapidly evolving crypto landscape.
Flash loan attacks have become a common tactic used by malicious actors in the DeFi space, with notable incidents including the $197 million theft from Euler Finance in 2023 and the $130 million Cream Finance hack in 2021. These incidents highlight the ongoing challenges faced by DeFi projects in safeguarding user funds and maintaining trust within the community.
As the DeFi sector continues to grow and evolve, it is imperative for projects to prioritize security and implement robust measures to protect against potential threats. The New Gold Protocol hack serves as a sobering reminder of the dangers posed by malicious actors in the decentralized finance space and underscores the importance of proactive security practices in safeguarding user assets.