AI-driven, self-described “DeFi 3.0” staking protocol The Contemporary Gold Protocol, constructed “with sustainability at its core,” used to be hacked hours after originate. The hacking took space on Sept. 18, 2025. The hacker exploited two flaws within the make of NGP. The case demonstrates how negligence in protocol make would possibly maybe well even doom a mission from day one.
- Merely about $2 million in crypto used to be stolen from the becoming-launched Contemporary Gold Protocol platform by ability of a flash mortgage assault.
- Stolen money used to be despatched to Tornado Cash. The hacker is no longer identified.
- The team within the again of the Contemporary Gold Protocol keeps still.
- The greatest flash mortgage assaults resulted in over $100 million in losses.
What’s Contemporary Gold Protocol?
The Contemporary Gold Protocol is a staking protocol constructed on high of the BNB blockchain and launched on Sept. 18.
One of the most considerations that The Contemporary Gold Protocol aimns to resolve is the “lack of pricing rules.” Fixed with the whitepaper, many DeFi protocols “lack standardized mechanisms for behavior pricing, main to volatility and disorder.”
The “subsequent-technology DeFi 3.0” Contemporary Gold Protocol used to be intended to outperform competitors that stop no longer have intrinsic earnings and whose governance models are inefficient. The NGP team noticed the becoming method to raise out transparency, equity, and sustainability through AI optimization.
Scalable, transparent, and time-aware — Contemporary Gold Protocol sets a brand novel benchmark for staking protocols.#BSCDeFi #CryptoStaking pic.twitter.com/UlxcO60WVG
— Contemporary Gold Protocol (@newgoldprotocol) August 28, 2025
The Contemporary Gold Protocol used to be striving to have an inclusive staking platform with a transparent, computerized ambiance sustained by ability of graceful contracts. Due to the token burns, NGP promoted its native token as deflationary. It promised precise-yield distributions as an different of inflationary and speculative incentives. The NGP whitepaper steered that transparency ensures accountability. On the other hand, it grew to change into out that this used to be no longer passable.
How used to be NGP hacked?
The hacking took space rapidly after the originate of the NGP token. The amount of NGP tokens that would possibly maybe be purchased used to be restricted to prevent tag-inflation assaults, however the hacker stumbled on a ability to bypass it.
Fixed with analysts from blockchain security firm Hacken, six hours earlier than the assault the hacker gathered a excessive selection of sources by ability of flash loans the utilize of quite quite a lot of accounts. Flash loans are a feature in sort on DeFi platforms. They allow borrowing crypto sources fleet without collateral. Borrowed funds would possibly maybe well even be veteran for arbitrage shopping and selling, stealing funds from a protocol, or tag manipulation. As Hacken notes, the damage introduced about through flash mortgage assaults would possibly maybe well even amount to thousands and thousands of bucks.
The attacker veteran an oracle-manipulation tactic. The protocol certain the NGP token tag by scanning its reserves within the DEX’s liquidity pool, which allowed the attacker to manipulate the cost. The attacker started swapping BUSD to NGP on PancakePair, which pumped NGP’s tag fleet.
The Contemporary Gold Protocol contained two limits: a shopping limit and a cooldown limit for investors. Each have been bypassed as the attacker veteran the “dEaD” tackle as the recipient.
The next cross used to be draining nearly your whole BUSD tokens from the protocol by ability of promoting NGP. It left The Contemporary Gold Protocol with nearly no funds. The attacker then obtained $1.9 million price of crypto and at as soon as swapped the funds to BNB-basically basically based ETH.
Fixed with the Hacken team, the next actions integrated depositing stolen funds to Tornado Cash through Ethereum bridged with All over. The motion despatched the NGP tag up whereas leaving the protocol with only a tiny amount of funds. Soon, the NGP token tag plummeted 88%.
Sadly, despite ambitious plans to reshape the DeFi sector and make a sustainable product, The Contemporary Gold Protocol pushed apart its have security and confronted excessive damage. The firm didn’t observation on the relate. Essentially the latest tweet reads “stability meets improve.” It used to be published quite a lot of hours earlier than the assault and now looks esteem a bitter joke.
📊 Stability meets improve. Contemporary Gold Protocol’s AI-driven pools balance liquidity all the method through every surges and dips, rising a more fit long-duration of time market curve. #DeFiAI #Crypto pic.twitter.com/BdjmxRHDDl
— Contemporary Gold Protocol (@newgoldprotocol) September 18, 2025
Loads of flash mortgage assaults
As rapidly as flash loans have been presented, flash mortgage assaults fleet turned into one in all the ways veteran by criminals.
The greatest assault took space in March 2023. The hacker managed to rob around $197 million in Wrapped Bitcoin, Wrapped Ethereum, and varied sources from the Euler Finance protocol. The hacker used to be the utilize of an error within the platform’s calculation price. The funds have been despatched to an tackle veteran earlier by the notorious DPRK hackers, the Lazarus Neighborhood. What made this case especially famous is that the hacker voluntarily returned your whole funds and apologized.
Loads of famous examples embody the Cream Finance hack ($130 million stolen in 2021) and Polter ($12 million stolen in 2024). A flash mortgage used to be section of the plan veteran in 2025 to wipe out $223 million in crypto from the Cetus protocol in step with Sui.
