The New Gold Protocol has been exploited for $2M after an attacker manipulated its price oracle with a flash load, leading the asset to collapse by 88%.
By Zoran Spirkovski
Editor Julia Sakovich
Updated
2 mins read
New Gold Protocol, a DeFi staking project, lost around 443.8 Ethereum ETH $4 582 24h volatility: 1.7% Market cap: $552.66 B Vol. 24h: $41.93 B , valued at $2 million, in an exploit on Sept 18. The attack caused the project’s native NGP token to crash by 88%, wiping out most of its market value in less than an hour.
The incident was flagged by multiple blockchain security firms, including PeckShield and Blockaid. Both firms confirmed the amount stolen and tracked the movement of the funds. Blockaid’s analysis identified the specific vulnerability that the attacker used.
🚨 Community Alert:
Blockaid’s exploit detection system identified multiple malicious transactions targeting the NGP token on BSC.
Roughly $2M has been drained.↓ We’re monitoring in real time and will share updates below pic.twitter.com/efxXma0REQ
— Blockaid (@blockaid_) September 17, 2025
According to the Blockaid report, the hack was a price oracle manipulation attack. The protocol’s smart contract had a critical flaw; it determined the NGP token’s price by looking at the asset reserves in a single Uniswap liquidity pool. This method is insecure because a single pool’s price can be easily manipulated.
The attacker used a flash loan to borrow a large amount of assets. A flash loan consists of a series of transactions that borrow and return a loan within the same transaction. They used these assets to temporarily skew the reserves in the liquidity pool, tricking the protocol into thinking the NGP token was nearly worthless. This allowed the hacker to bypass a maximum purchase limit and buy a huge number of NGP tokens at minimal prices.
The next transactions in the chain, reversed the initial trade and repaid the flash loan, netting the hacker a 443.8 ETH profit. The funds were then taken to the Ethereum network and deposited into the Torando Cash mixer to obfuscate the trail.
This exploit highlights several red flags that surrounded the project. Unlike legitimate, audited tokens, NGP operated with little transparency and was plagued by extremely low trading volume. This incident is part of a larger pattern, as reports show that rising crypto hacks are becoming more frequent. It also adds to the debate over developer liability, a topic that crypto firms urge lawmakers to address.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
As a Web3 marketing strategist and former CMO of DuckDAO, Zoran Spirkovski translates complex crypto concepts into compelling narratives that drive growth. With a background in crypto journalism, he excels in developing go-to-market strategies for DeFi, L2, and GameFi projects.
