Crypto project GANA Payment lost over $3,1 million as a result of a hacker attack.
The investigation revealed that the hacker received super-profitable staking rewards and withdrew them to the market.
21.11.2025 - 10:20
280
3 min
0
Blockchain security researcher ZachXBT reported that the GANA Payment crypto project on BNB Smart Chain was hit by a serious attack. The damage exceeded $3,1 million. The hacker withdrew most of the funds through Tornado Cash on the BSC and Ethereum networks, with about $1 million in ETH still untouched.
How the attack unfolded
According to ZachXBT, the attacker collected the stolen assets at the address 0x2e85c38 and then sent 1140 BNB (about $1,04 million) to Tornado Cash on BSC. Later, he transferred part of the funds to the Ethereum network and ran another 346,8 ETH (about $1,05 million) through the mixer.
HashDit quickly found the cause of the hack: the hacker changed the owner of the GANA smart contract and gained full access to the staking mechanism. This allowed him to control reward accruals and trigger staking cancellation functions, receiving far more tokens than the system intended.
The attacker brought additional tokens to the market, exchanged them for more liquid assets, and then sent the funds through Tornado Cash. HashDit issued a warning and recommended temporarily refraining from trading GANA tokens until official clarification from the project team.
Other incidents on the BSC network
This hack was yet another event in the Binance Smart Chain ecosystem. Despite overall improvements, attacks are still happening. According to a report by BNB Chain and Hacken, losses on the network have decreased by 70%, from $161 million in 2023 to $47 million in 2024. However, individual attacks continue to test the network’s resilience.
Previous incidents have been recorded on the network:
- in September, a Venus Protocol user lost $27 million by signing a malicious transaction (the protocol’s smart contracts were not affected);
- in February, the meme platform Four.Meme lost $183 000 due to a probable sandwich attack and the volatility of the test token.
In October, hackers broke into the BNB Chain account on X and used it to publish phishing links disguised as legitimate services and BSC token distributions.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$62 703
BTC
-3.03%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.1
XRP
-3.25%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.079107
DOGE
-5.16%
-
Zcash
$421.31
ZEC
-6.47%
-
Stellar XLM
$0.193809
XLM
-6.15%
-
Cardano
$0.151613
ADA
-4.6%
-
Polkadot
$3.32
DOT
+5.27%