$3.1 Million GANA Payment Hack: A Shocking Breach

The GANA Payment project, hosted on the BNB Smart Chain, has suffered a devastating breach, with over $3.1 million stolen after an attacker seized control of significant contract privileges.

According to reports, the hacker utilized Tornado Cash on both the BNB Smart Chain and Ethereum to move a large portion of the stolen funds, leaving approximately $1 million still dormant in Ethereum wallets.

The Sequence of the Attack

Blockchain investigator ZachXBT detailed the sequence of events, revealing that the perpetrator aggregated the stolen assets at the address 0x2e8***5c38 before transferring 1,140 BNB, valued at around $1.04 million, into Tornado Cash on the BNB Smart Chain.

Following this, the hacker bridged the funds to Ethereum, where they transferred 346.8 ETH, equivalent to approximately $1.05 million, into the same mixer.

ZachXBT reported that the GANA Payment project was compromised for over $3.1M on BSC earlier today. The attacker initially transferred 1,140 $BNB ($1.04M) into Tornado Cash on BSC, then bridged the stolen funds to #Ethereum and deposited another 346 $ETH ($1.05M) into Tornado.

The… pic.twitter.com/q7DL8Mdpzf

— Onchain Lens (@OnchainLens) November 20, 2025

Roughly 346 ETH, valued at nearly $1.05 million at the time, remains untouched at the address 0x7a503***b3cca. Reports from the security firm HashDit indicate that the exploit emerged when the ownership of a GANA contract was altered without authorization, granting the attacker administrative rights over staking protocols.

GANA Urgent Announcement: GANA's interaction contract has been the target of an external attack, leading to unauthorized asset theft. Our technical team, in collaboration with an independent security firm, has launched an emergency investigation to assess the attack vector,…

— GANA Payment (@GANA_PayFi) November 20, 2025

HashDit's investigation reveals that the malicious actor had the ability to execute unstake routines, allowing the system to release an excessive number of GANA tokens, far beyond what was intended.

The surplus tokens were swiftly liquidated for more stable assets and then funneled through privacy tools. This pattern of behavior is all too familiar: manipulate permissions, mint or extract tokens, convert them into stable or liquid cryptocurrencies, and then launder the proceeds.

Identifying The Source of the Breach

As the investigation continues, the GANA Payment team is working diligently to patch the vulnerabilities and ensure the security of their platform. This incident serves as a stark reminder of the risks associated with decentralized finance and the importance of robust security measures.

In the ever-evolving landscape of cryptocurrency, staying vigilant against potential threats is paramount for both developers and users alike. The GANA Payment attack underscores the need for constant monitoring and swift action in the face of cyber threats.

As the situation develops, stakeholders in the crypto community remain on high alert, hoping for resolutions and improved security protocols to prevent such incidents in the future.