GANA Payment, a project on BNB Smart Chain, lost more than $3.1 million after an attacker gained control of key contract rights, reports have disclosed.
The thief moved much of the haul through Tornado Cash on both BSC and Ethereum, while roughly $1 million remains idle on Ethereum addresses.
How The Attack Unfolded
According to posts by blockchain researcher ZachXBT, the exploiter consolidated stolen assets at address 0x2e8***5c38 before sending 1,140 BNB — about $1.04 million — into Tornado Cash on BSC.
The thief then bridged funds to Ethereum and pushed 346.8 ETH valued at approximately $1.05 million through the same mixer.
According to Zach (@zachxbt), the GANA Payment’ project was exploited for over $3.1M on BSC earlier today.
The attacker first sent 1,140 $BNB ($1.04M) into Tornado Cash on BSC, then bridged the stolen funds to #Ethereum and deposited another 346 $ETH ($1.05M) into Tornado.
The… pic.twitter.com/q7DL8Mdpzf
— Onchain Lens (@OnchainLens) November 20, 2025
About 346 ETH, close to $1.05 million at the time, sits untouched at address 0x7a503***b3cca. Based on reports from security firm HashDit, the breach began when ownership of a GANA contract was changed without permission, giving the attacker admin-level control over staking logic.
GANA Urgent Announcement
GANA’s interaction contract has been targeted by an external attack, resulting in unauthorized asset theft. Our technical team, together with an independent third-party security firm, has initiated an emergency investigation to analyze the attack vector,…
— GANA Payment (@GANA_PayFi) November 20, 2025
HashDit’s analysis shows that whoever took control could call unstake routines and force the system to release far more GANA tokens than it should have.
Those excess tokens were quickly sold off for more liquid assets and then routed into privacy tools. This is a familiar script: manipulate permissions, mint or extract tokens, convert into stable or liquid crypto, then launder.
Who Spotted It And What Happened Next
ZachXBT flagged the suspicious moves on his Telegram channel. HashDit then dug into the contract and identified the altered ownership as the trigger.
GANA’s team posted an emergency notice acknowledging unauthorized activity on their interaction contract and said they brought in an outside security firm to investigate.
The project said it will map user addresses and permissions as part of a planned reboot and will publish recovery steps and timelines through official channels.
🚨HashDit Alert🚨
HashDit has monitored that @GANA_PayFi has been compromised for ~$3.1m $GANA.
Users should NOT trade with the $GANA token for the time being, and await for team announcement!
Funds have been deposited into TC: https://t.co/rtdjnMvYpI
Root cause: Ownership of… pic.twitter.com/XZzuoMmf8D
— HashDit | now with Pro Extension (@HashDit) November 20, 2025
Featured image from Pexels, chart from TradingView
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
