COINOTAG News reported on November 20 that the GANA Payment platform faced a breach with losses exceeding $3.1 million. SlowMist founder Cosmos Yu attributed the theft to the leakage of the Owner’s private key for the GANA Payment Stake contract, enabling unauthorized access to user funds. The incident underscores how key material exposure can trigger material security risks for DeFi-enabled payment protocols.
Subsequent attack vectors reportedly relied on the 7702 delegate exploit and bypassed the onlyEOA check for unstaking. By modifying stake rates and fees, attackers moved from staking a few hundred USDT to unstaking tens of thousands, resulting in the aggregate drain of hundreds of thousands of USDT.
This episode reinforces the need for stringent security controls, including private key protection and comprehensive smart contract auditing, to curb similar exploits and protect liquidity in crypto ecosystems.