GANA Payment Loses $3.1M in Security Breach on BSC

Key Highlights:

• GANA payment faced security breach today, November 20, 2025.
• There has been a loss of $3.1 million according to blockchain sleuth, ZachXBT.
• The attacker has masked stolen asset worth $1.05 million details through Tornado Cash and the rest $1.046 million are present in a dormant wallet.

GANA Payment, a payment platform that is built on Binance Smart Chain, faced a security breach earlier today, November 20, 2025, that led to losses of more than $3.1 million according to the details shared by blockchain sleuth, ZachXBT, on his Telegram channel. This incident adds to the growing list of recent exploits hitting payment and DeFi projects on BSC. This exploit also spotlights weaknesses in smart contract security and also highlights the use of mixers like Tornado Cash for laundering purposes.

Details of the Exploit

The stolen assets were consolidated into a single wallet identified as:

Attacker Wallet Address: 0x2e8a8670b734e260cedbc6d5a05532264aae5c38

After the theft, the attacker deposited the majority of the stolen funds into Tornado Cash, a decentralized cryptocurrency mixer known for obscuring transaction trails. On BSC 1,140 BNB (approximately $1.04 million) were sent to Tornado Cash, and the traces of the illegal activity have been vanished.

Cross-Chain Laundering Through Ethereum

The attacker then bridged a portion of the stolen assets from BSC to Ethereum, which complicates the tracing process all the way more. On the Ethereum network, 346.8 ETH (worth approximately $1.05 million) was also deposited into Tornado Cash, continuing the process of masking.

The rest of the funds which is about 346 ETH (worth approximately %1.046 million) remains dormant as of now in an Ethereum wallet without any evidence of withdrawal or transfer. The address of the dormant Ethereum wallet is 0x7a503e3ab9433ebf13afb4f7f1793c25733b3cca.

ETH parked in a dormant wallet

GANA Addresses the Situation

GANA, through social media platform X, confirmed that its interaction contract was compromised in a major security breach today, November 20, 2025. This breach led to theft of assets from the project’s core contracts. The team has started an investigation along with external security experts to get to the bottom of the situation. The main focus right now is to figure out how the attack happened and how far do the damage goes.

GANA Urgent Announcement

GANA’s interaction contract has been targeted by an external attack, resulting in unauthorized asset theft. Our technical team, together with an independent third-party security firm, has initiated an emergency investigation to analyze the attack vector,…

— GANA Payment (@GANA_PayFi) November 20, 2025

The team is also planning to review all user addresses to understand who may have been affected. GANA says that it will rebuild parts of the system and share a recovery plan soon, and will restore any impacted user assets.

The platform has also mentioned that it will continuously update the users about the investigation progress and will communicate through official channels.

After the exploit, GANA dropped by more than 90% in the last 24 hours as per GeckoTerminal.

Similar Hacks

The GANA payment hack is not something new in this space. This year, other DeFi projects have been equally affected. For example, the most recent one being the Balancer project which lost more than $120 million because of a bug in its system that allowed the attacker to drain its pools.

Then there was a platform known as Infini that lost around $50 million. This was an insider job as the attacker had special access and he misused it.

Starknet’s zkLend lost almost $9.52 million due to a mathematical error in its smart contract. These incidents are a stark reminder of the fact that even popular crypto platforms can have weak spots, especially in their coding or permission setups, and users should be careful.

Also Read: RedStone Deploys First Push Oracle on GIWA Layer-2 Testnet