Sep 2025 - New Gold Protocol Flashloan Attacks Flawed Burn Mechanism - $1.9m (Global)
New Gold Protocol (NGP) envisions a fair, transparent, and sustainable Web3 financial ecosystem by leveraging the principles of DeFi 3.0. The protocol is committed to equal opportunity for all users, regardless of background or resources, by ensuring fair participation and reward mechanisms. NGP promotes complete transparency through publicly accessible, code-based systems and on-chain financial tracking, enabling open supervision and trust. Its ultimate goal is to create an autonomous, rules-based economic environment where smart contracts and decentralized governance replace traditional financial intermediaries.
At the core of NGP is the $NGP token, which functions as a multi-utility asset within the ecosystem. It acts as a credential for DAO governance, empowering users to vote and participate in decision-making processes. Additionally, $NGP serves as a key to trigger smart contract functionalities and unlock various financial modules within the protocol. These mechanisms form the foundation for a self-sustaining, intelligent system that integrates incentives, governance, and modular expansion, making $NGP a crucial component of user interaction and protocol growth.
NGP introduces a suite of next-generation systems to ensure stability, real yield distribution, and liquidity. Through its LP Bond mechanism, it attracts long-term capital and stabilizes prices. The Profit Pool transforms user selling behavior into positive ecosystem momentum, while the DAO Treasury Pool manages market interventions and maintains price stability. These innovative approaches collectively create a financial structure that is resilient, transparent, and driven by community consensus—paving the way for a more orderly Web3 financial civilization
Unfortunately, despite multiple promises of security, the New Gold Protocol contained a vulnerability.
According to TenArmor, "It appears that the transfer() function in the NGP contract has a flawed burn mechanism, burning NGP tokens from the pair when selling tokens to the pair. The attacker borrowed 200M USDT via flashloans to manipulate the NGP price in the pair."
CertiK provided a technical analysis "The exploiter flashloaned $211M to manipulate the NGP token balance to such a low value that the aforementioned deduction in selling 1.36M NGP reduces the NGP reserve value 13.6 million times from 477K to 0.035. This breaks the k=xy swapping curve, allowing the exploiter to drain the victim pool.".
Losses were reported by TenArmor as "approximately" "$2M". Extractor_web3 reported the losses as "$1.9M".
The situation was quickly reported by multiple third parties including CertiK, BlockAid, Hacken, TenArmor, and Extractor Web3 in various security alerts.
While third parties continued to report on the breach, the protocol has only continued on posting scheduled promotions. There does not appear to be any acknowledgement of the incident or attempt to resolve the situation for affected users.
There is no reported recovery. The protocol has not even acknowledged the incident publicly.
The hack remains unaddressed by the protocol team.
Further Analysis
Despite its vision of building a fair and transparent Web3 financial system, New Gold Protocol (NGP) suffered a major security breach due to a flaw in its token’s burn mechanism. Exploiters used a $211M flashloan to manipulate the price of $NGP, breaking the protocol’s core swap logic and draining liquidity pools—resulting in losses of around $2 million. The incident was quickly flagged by major blockchain security firms like CertiK and TenArmor, but the NGP team has not acknowledged the exploit publicly or taken any visible steps toward user compensation or recovery.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
Unknown Base Smart Contract Wrapped Ethereum Attack Theft > > < < WET Token Redemption Price Manipulation Flashloan Arbitrage
Sources/Further Reading
TenArmor - "Our system has detected that #NGP on #BSC was attacked, resulting in an approximately loss of $2M." - Twitter/X (Dec 31)
Attack Transaction - BSCScan (Dec 31)
ExtractorWeb3 - "NGP (New Gold Protocol) on BNB Chain was exploited just hours after trading went live." - Twitter/X (Dec 31)
Theft Address - BSCScan (Dec 31)
CertiK - "We have seen a ~$2M exploit on NGP token, whose transfer logic states that 35% of the selling amount is deducted from the pool balance, which is then synced." - Twitter/X (Dec 31)
Exploit Transaction Details - CertiK Skylens (Dec 31)
New Gold Protocol Twitter/X Account (Dec 31)
New Gold Protocol - "Security is non-negotiable. New Gold Protocol ensures transparency with on-chain rules, DAO governance, and automated burns — protecting both the system and its users." - Twitter/X (Dec 31)
New Gold Protocol Link Tree (Dec 31)
New Gold Protocol Homepage (Dec 31)
New Gold Protocol - "True yield comes from true discipline. New Gold Protocol’s staking tiers reward those who commit, reinforcing patience with compounding strength." - Twitter/X (Dec 31)
New Gold Protocol - Time is value. In New Gold Protocol, every day staked strengthens both personal rewards and protocol stability. The longer you stay, the more powerful your outcome." - Twitter/X (Dec 31)
New Gold Protocol - "Stability meets growth. New Gold Protocol’s AI-driven pools balance liquidity during both surges and dips, creating a healthier long-term market curve." - Twitter/X (Dec 31)
New Gold Protocol - "NGP is going LIVE! Are you ready for Defi 3.0?" - Twitter/X (Dec 31)
New Gold Protocol - "Scarcity creates strength. With burns on claims and sells, New Gold Protocol reduces supply continuously until only 10M tokens remain, securing long-term value." - Twitter/X (Dec 31)
Rekt - New Gold Protocol - Rekt (Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|