ZachXBT Reveals: BSC Project ‘GANA Payment’ Hit With $3.1M Exploit

Blockchain safety researcher ZachXBT has disclosed that GANA Payment, a cryptocurrency mission working on BNB Smart Chain, suffered a serious exploit leading to losses exceeding $3.1 million.

The attacker efficiently laundered a good portion of the stolen funds by means of Tornado Cash on each BSC and Ethereum networks, whereas roughly $1 million stays dormant on the Ethereum blockchain.

According to info shared by ZachXBT on his Telegram channel, the exploiter consolidated the theft at deal with 0x2e8***5c38 earlier than depositing 1,140 BNB, valued at $1.04 million, into Tornado Cash on BSC.

According to Zach (@zachxbt), the GANA Payment’ mission was exploited for over $3.1M on BSC earlier at this time.

The attacker first despatched 1,140 $BNB ($1.04M) into Tornado Cash on BSC, then bridged the stolen funds to #Ethereum and deposited one other 346 $ETH ($1.05M) into Tornado.

The… pic.twitter.com/q7DL8Mdpzf

— Onchain Lens (@OnchainLens) November 20, 2025

The attacker then bridged funds to Ethereum and moved one other 346.8 ETH value $1.05 million by means of the privateness mixer, although 346 ETH at the moment sits untouched at deal with 0x7a503***b3cca.

Technical Breakdown Reveals Contract Ownership Manipulation

Blockchain safety agency HashDit shortly identified the foundation trigger behind the breach after monitoring the suspicious exercise.

The possession of GANA’s exploited contract was maliciously modified, granting the hacker unauthorized management over the protocol’s staking mechanism and permitting them to control reward charges.

This possession switch allowed the attacker to invoke unstake capabilities and obtain considerably extra GANA tokens than the system meant to distribute.

HashDit Alert

HashDit has monitored that @GANA_PayFi has been compromised for ~$3.1m $GANA.

Users ought to NOT commerce with the $GANA token in the intervening time, and await for group announcement!

Funds have been deposited into TC: https://t.co/rtdjnMvYpI

Root trigger: Ownership of… pic.twitter.com/XZzuoMmf8D

— HashDit | now with Pro Extension (@HashDit) November 20, 2025

The hacker proceeded to dump these extra tokens on the open market, changing them into extra liquid cryptocurrencies earlier than routing proceeds by means of Tornado Cash.

HashDit issued an pressing warning advising customers to keep away from buying and selling GANA tokens till the group gives official steering on the scenario.

The exploit provides one other entry to BSC’s safety document, which had seen comparatively few main incidents all through latest months.

While BNB Chain skilled a 70% discount in losses from $161 million in 2023 to $47 million in 2024, in response to joint analysis from BNB Chain and Hacken, remoted assaults proceed to check the community’s defenses regardless of enhanced safety protocols applied throughout the ecosystem.

Earlier incidents on the community embrace a September phishing attack that drained $13.5 million from a Venus Protocol user after they accredited a malicious transaction. However, the protocol’s sensible contracts remained safe.

In February, meme coin platform Four.Meme also suffered a $183,000 security breach by means of what gave the impression to be a sandwich assault, dropping roughly 125 BNB throughout the incident that adopted volatility round its Test token.

Recovery Plan Announced as Team Launches Investigation

GANA’s official group responded with an pressing announcement acknowledging the exterior assault on their interplay contract and confirming unauthorized asset theft.

GANA Urgent Announcement

GANA’s interplay contract has been focused by an exterior assault, leading to unauthorized asset theft. Our technical group, along with an impartial third-party safety agency, has initiated an emergency investigation to research the assault vector,…

— GANA Payment (@GANA_PayFi) November 20, 2025

The group emphasised they’ve partnered with an impartial third-party safety agency to conduct an emergency investigation, analyzing the assault vector, figuring out vulnerabilities, and assessing the whole scope of influence.

The mission pledged to activate a complete reboot plan, together with the whole mapping of all person asset addresses and their related permissions.

GANA apologized for the inconvenience attributable to the incident and promised to share detailed restoration plans and timelines by means of official channels shortly.

This exploit surfaced simply after the crypto trade recorded its lowest month-to-month loss figures of the 12 months, with solely $18.18 million stolen throughout 15 separate incidents in October, in response to PeckShield data.

That represented an 85.7% decline from September’s $127.06 million in losses, although safety consultants warned that menace actors proceed evolving their ways on the identical tempo as protocols strengthen defenses.

Notably, the GANA breach follows a good bigger assault earlier this month when Balancer Protocol suffered losses exceeding $128 million across multiple chains.

$116M in Crypto Assets Gone – Balancer Suffers One of DeFi’s Largest Exploits

Over $116 million in crypto belongings have been drained from Balancer Protocol, marking some of the extreme decentralized finance (DeFi) exploits of 2025.

At roughly 9:12 AM on Monday,…

— Cryptonews.com (@cryptonews) November 7, 2025

The attacker focused Balancer V2 Composable Stable Pools by means of refined smart-contract manipulations involving improper authorization and callback dealing with, draining belongings inside minutes earlier than laundering funds by means of Tornado Cash.

While the liquid staking protocol StakeWise recovered $19.3 million in osETH through a contract call, lowering whole losses to roughly $98 million, the incident precipitated Balancer’s whole worth locked to plummet from $442 million to $214.52 million inside a single day.

The put up ZachXBT Reveals: BSC Project ‘GANA Payment’ Hit With $3.1M Exploit appeared first on Cryptonews.