GANA Payment, a BEP-20 token project operating on the Binance Smart Chain (BSC), has suffered a $3.1 million exploit. The confirmation of details and tracing of the laundering of stolen funds was by blockchain investigator ZachXBT.
How the GANA Payment Exploit Occurred
An attacker took $3.1 million in cryptocurrency from GANA Payment’s project contracts and liquidity pools on November 20, 2025. The attacker first converted the assets into 1,140 BNB, or $1.04 million, at a BSC address.
Then they immediately transferred the money to Tornado Cash, a privacy-focused mixer that obfuscates transaction records and makes asset recovery more difficult. With 346.8 ETH (about $1.05 million) transferred via Tornado Cash and another 346 ETH (worth $1.046 million) kept dormant in an Ethereum wallet. The remaining compromised funds were bridged to the Ethereum network.
ZachXBT’s on-chain analysis confirms the multi-step laundering process, a tactic increasingly favored in recent attacks on BNB Chain. The move to Tornado Cash and subsequent cross-chain transfers make it much more challenging for law enforcement and exchanges to track and freeze the stolen assets.
DeFi Security Risks and Response
GANA Payment lacked comprehensive security audits or publicly available technical documentation, leaving it susceptible to smart contract vulnerabilities. This hack follows a string of similar BSC exploits. They had poorly audited contracts rapidly drained, and attackers evaded detection through privacy tools and cross-chain bridging. DefiLlama reports that BSC projects have collectively lost over $100 million to such exploits in 2025.
Security analysts stress the need for regular audits and transparency in DeFi projects. The rapid execution and coordination observed in the GANA exploit mirror those seen in other incidents, such as the Future Protocol and smaller DEX attacks.
Recovery prospects remain bleak. Blockchain monitoring services and alert networks continue to track the dormant Ethereum addresses and related wallets, but the attacker presently retains control over more than $1 million in unlaundered ETH.
READ MORE: Starknet Price Prediction as BTC Staking Crosses $365 Million
