ZachXBT reports $3.1M exploit at GANA Payment
GANA Payment, a payments project on BNB Smart Chain, has become the latest target for hackers. The breach was first flagged by on-chain investigator ZachXBT, who has been tracking suspicious transactions and high-profile crypto scams for several years.
According to his findings, an unknown attacker drained the project’s smart contracts of more than $3.1 million in just a few minutes. First, the funds were pulled into a single wallet on BSC, where a large portion of the assets was swapped into BNB. Around 1,140 BNB, worth close to $1 million at market prices, were then sent to the BNB Chain version of Tornado Cash in an attempt to break the trail.
The remaining tokens were bridged over to Ethereum. There, the attacker sent roughly 346.8 ETH into the same mixer. Another ~346 ETH, ZachXBT notes, is still sitting at one address and has not yet moved further, but that does not mean it will not eventually be cashed out.
GANA Payment is a small BEP‑20 payments token that traded mostly on decentralized exchanges and in liquidity pools. The project had little in the way of public technical documentation or detailed security reports. After the exploit, the token price, according to market trackers, plunged by more than 90%, effectively wiping out the market cap.
The GANA case fits a broader pattern on BNB Chain: in 2025 alone, smaller projects on the network have already lost tens of millions of dollars. The playbook tends to look the same: a vulnerable contract, a rapid liquidity drain, consolidation of funds in a single wallet, cross-chain bridges and, at the end of the chain, Tornado Cash.
It is no surprise that ZachXBT was the first to call out the attack. For more than three years he has helped uncover major NFT thefts, taken part in investigations of protocol hacks and assisted victims of exploits like the Atomic Wallet incident in recovering at least part of their stolen assets. The researcher chooses to stay anonymous, runs a popular X (formerly Twitter) account with a platypus avatar and funds his work through donations and his own ZACH token.
For the wider crypto community, this is another warning sign: even relatively small payment tokens on popular networks remain easy prey for attackers if teams cut corners on audits and keep their architecture opaque. For users, it is yet another reminder of a simple rule: do not park all your funds in a single high-risk DeFi project, no matter how promising it looks.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy, and Disclaimers.
Articles by this author
