$3.1 Million Vanishes: The GANA Payment Attack No One Saw Coming

GANA Payment, a project on BNB Smart Chain, lost more than $3.1 million after an attacker gained control of key contract rights, reports have disclosed. The thief moved much of the haul through Tornado Cash on both BSC and Ethereum, while roughly $1 million remains idle on Ethereum addresses. How The Attack Unfolded According to posts by blockchain researcher ZachXBT, the exploiter consolidated stolen assets at address 0x2e8***5c38 before sending 1,140 BNB — about $1.04 million — into Tornado Cash on BSC. The thief then bridged funds to Ethereum and pushed 346.8 ETH valued at approximately $1.05 million through the same mixer. According to Zach (@zachxbt), the GANA Payment’ project was exploited for over $3.1M on BSC earlier today. The attacker first sent 1,140 $BNB ($1.04M) into Tornado Cash on BSC, then bridged the stolen funds to #Ethereum and deposited another 346 $ETH ($1.05M) into Tornado. The… pic.twitter.com/q7DL8Mdpzf — Onchain Lens (@OnchainLens) November 20, 2025 About 346 ETH, close to $1.05 million at the time, sits untouched at address 0x7a503***b3cca. Based on reports from security firm HashDit, the breach began when ownership of a GANA contract was changed without permission, giving the attacker admin-level control over staking logic. GANA Urgent Announcement GANA’s interaction contract has been targeted by an external attack, resulting in unauthorized asset theft. Our technical team, together with an independent third-party security firm, has initiated an emergency investigation to analyze the attack vector,… — GANA Payment (@GANA_PayFi) November 20, 2025 HashDit’s analysis shows that whoever took control could call unstake routines and force the system to release far more GANA tokens than it should have. Those excess tokens were quickly sold off for more liquid assets and then routed into privacy tools. This is a familiar script: manipulate permissions, mint or extract tokens, convert into stable or liquid crypto, then launder. Who Spotted It And What Happened Next ZachXBT flagged the suspicious moves on his Telegram channel. HashDit then dug into the contract and identified the altered ownership as the trigger. GANA’s team posted an emergency notice acknowledging unauthorized activity on their interaction contract and said they brought in an outside security firm to investigate. The project said it will map user addresses and permissions as part of a planned reboot and will publish recovery steps and timelines through official channels. HashDit Alert HashDit has monitored that @GANA_PayFi has been compromised for ~$3.1m $GANA. Users should NOT trade with the $GANA token for the time being, and await for team announcement! Funds have been deposited into TC: https://t.co/rtdjnMvYpI Root cause: Ownership of… pic.twitter.com/XZzuoMmf8D — HashDit | now with Pro Extension (@HashDit) November 20, 2025 Featured image from Pexels, chart from TradingView