The GANA Payment project lost more than $3.1 million in an attack that occurred Thursday morning. Researcher ZachXBT, known for his on-chain analysis, explained that the attacker first accumulated the funds on the BNB Smart Chain and then began hiding them on both BSC and Ethereum using Tornado Cash.
How did the hacker act?
The attacker first accumulated the seized assets at the BSC address "0x2e8...e5c38." A significant portion of the funds were then converted to BNB. 1,140 BNB, worth approximately $1.04 million, was then transferred to Tornado Cash. This was the attacker's initial attempt to cover their tracks.
According to ZachXBT, the remaining assets were then transferred to Ethereum. This time, the exploiter deposited 346.8 ETH into Tornado Cash, equivalent to approximately $1.05 million. In addition, another 346 ETH, worth around $1.046 million, is reportedly sitting idle at the Ethereum address "0x7a5...b3cca." It's believed the attacker hasn't yet mixed these funds and is likely holding them for a second round.
GANA price plummets
GANA Payment is a small-scale payment token project operating on the BNB Smart Chain. Built around the BEP-20 standard GANA token, the project primarily trades through DEXs and liquidity pools. There is no comprehensive technical documentation, code review report, or audit trail for the project. Therefore, the vulnerability responsible for the attack remains unclear.
This security uncertainty has had a significant impact on prices. According to GeckoTerminal data, the GANA token lost more than 90% of its value in a matter of hours. The depletion of liquidity pools and panicked investor sales have driven the price to near zero.
This attack adds to the series of security incidents that have occurred on the BNB Chain this year. According to DefiLlama's hack tracking, total losses on medium-sized BSC projects alone exceeded $100 million during 2025. Most attacks share common themes: unverified contracts, weak access controls, malicious manipulation of liquidity pools, and sometimes intra-team key leaks.
For example, the recent Future Protocol incident followed a similar pattern. Attackers first identified the void, then quickly drained the pools, distributed the funds across multiple addresses, and finally mixed them with Tornado Cash. The GANA Payment incident follows the same pattern: rapid draining, consolidation, interchain bridging, and sending to the mixer.
Despite the widespread use of BNB Chain, the proliferation of vulnerabilities at this scale highlights the lack of oversight in smaller projects. Experts say that the rapid launch of low-budget projects, particularly those driven by the "minimum viable" mentality, creates significant opportunities for malicious actors.
