Home Articles GANA Payment Drained for $3.1M in BSC Exploit, ZachXBT Confirms

GANA Payment Drained for $3.1M in BSC Exploit, ZachXBT Confirms

Simon Simba

Updated: November 20th, 2025

Editor:

Joseph Alalade

GANA Payment, a BEP-20 token project operating on the Binance Smart Chain (BSC), has suffered a $3.1 million exploit. The confirmation of details and tracing of the laundering of stolen funds was by blockchain investigator ZachXBT.

https://twitter.com/OnchainLens/status/1991407035473359283?s=20

How the GANA Payment Exploit Occurred

An attacker took $3.1 million in cryptocurrency from GANA Payment’s project contracts and liquidity pools on November 20, 2025. The attacker first converted the assets into 1,140 BNB, or $1.04 million, at a BSC address.

Then they immediately transferred the money to Tornado Cash, a privacy-focused mixer that obfuscates transaction records and makes asset recovery more difficult. With 346.8 ETH (about $1.05 million) transferred via Tornado Cash and another 346 ETH (worth $1.046 million) kept dormant in an Ethereum wallet. The remaining compromised funds were bridged to the Ethereum network.

ZachXBT’s on-chain analysis confirms the multi-step laundering process, a tactic increasingly favored in recent attacks on BNB Chain. The move to Tornado Cash and subsequent cross-chain transfers make it much more challenging for law enforcement and exchanges to track and freeze the stolen assets.

DeFi Security Risks and Response

GANA Payment lacked comprehensive security audits or publicly available technical documentation, leaving it susceptible to smart contract vulnerabilities. This hack follows a string of similar BSC exploits. They had poorly audited contracts rapidly drained, and attackers evaded detection through privacy tools and cross-chain bridging. DefiLlama reports that BSC projects have collectively lost over $100 million to such exploits in 2025.

Security analysts stress the need for regular audits and transparency in DeFi projects. The rapid execution and coordination observed in the GANA exploit mirror those seen in other incidents, such as the Future Protocol and smaller DEX attacks.

Recovery prospects remain bleak. Blockchain monitoring services and alert networks continue to track the dormant Ethereum addresses and related wallets, but the attacker presently retains control over more than $1 million in unlaundered ETH.

Follow Bankless Times on Google News

We`ve got crypto covered – every trend, every insight, every move that matters. Add us to your feed and stay ahead of the market.

Crypto News DeFi

Contributors

Simon Simba

Simon is a writer with five years experience in crypto and iGaming. He currently works as a freelance writer at BanklessTimes where he focuses on simplifying daily crypto developments for readers. He discovered crypto in 2022 while writing news about NFTs for a news website in the US, and has since written for two other international NFT projects, and a Web3 gaming agency.

Latest News

Korea’s FIU to Penalize Several Crypto Exchanges after Widespread AML/KYC Violations Simon Simba

Galaxy Digital to Launch $100M Crypto Hedge Fund in 2026 Simon Simba

Nasdaq Pushes to Raise IBIT Bitcoin ETF Options Cap to 1 Million Contracts Simon Simba

{"cryptoCoinData":{"marketData":{"coinGeckoId":"mezo-wrapped-btc","symbol":"BTC","name":"Mezo Wrapped BTC","currentPrice":87985,"high24H":89662,"low24H":87264,"priceChange24H":-1532.86066239276,"priceChangePercentage24H":-1.71236,"lastUpdated":"2026-01-23T11:11:21.819Z"}},"cryptoCoin24HSparkline":null,"heading":null}