Binance Chain Project GANA Payment Hacked, $3.1M Lost in BNB and ETH

Decentralized finance (DeFi) platform GANA Payment has become the latest victim of a security exploit, after a massive breach across its Binance Smart Chain and Ethereum token pools resulted in $3.1 million worth of funds stolen.

GANA Payment Hacker Transfers $1.04 Million Each in ETH and BNB to Tornado Cash, Continues to Hold 346 ETH

According to on-chain sleuth ZachXBT, the hack unfolded with precision timing and careful execution, with the perpetrators first transferring tokens worth approximately $1.04 million to a BSC address to be swapped into BNB. From there, 1,140 BNB was deposited into the token mixer platform Tornado Cash on the BSC network in an attempt to obscure the transfer.

The hacker didn’t stop there. They bridged the remaining stolen funds to Ethereum before depositing an additional 346.8 ETH ($1.04 million) into Tornado Cash, effectively destroying any trail. 

ZachXBT’s investigation showed a recurring trend, with the attacker gaining initial access through Gana’s BNB Chain infrastructure, then quickly draining funds from token pools to different wallets, moving them to privacy tools, bridging assets across different blockchains to lose trail, and strategically using token mixing services to obscure ownership. Tornado Cash frequently serves as the final traceable destination of stolen crypto.

On-chain transaction logs from BscScan show seven outgoing transactions from the attackers’ BSC address. These included multiple transfers of BUSD-T and small amounts of BNB at fees so low that they are barely registered. This address now holds less than 0.01 BNB (>$10).

Meanwhile, their Ethereum address, which currently holds 346 ETH, has had only one major interaction since receiving the bridged funds, which was an approval transaction for USDT. This suggests that the hacker may be timing their next move.

Gana Payment is a relatively new and small DeFi payments platform deployed on the BSC network. The project, which operates through decentralized exchanges (DEXs) and on-chain liquidity pools, has provided little public technical documentation. Gana is yet to produce the results of any formal audits or detailed security materials on the exploit. Further information on the platform’s underlying vulnerability remains unavailable at press time.

The platform’s native BEP-20 standard token, GANA, has tumbled more than 90% following the incident.

Binance Smart Chain-Based DeFi Projects Have Seen Over $100 Million in Losses From Exploits in 2025

The hack is the latest case in a growing list of mid-sized exploits that have been happening on the BNB Chain this year. According to data from DefiLlama, smaller decentralized finance (DeFi) projects on the blockchain have collectively suffered losses of over $100 million due to various exploits in 2025. Several incidents, such as the Future Protocol hack, stemmed from a mix of smart contract vulnerabilities, liquidity pool drains, and private key compromise attacks.

Security analysts have urged the GANA Payment team to release a detailed post-mortem report on the hack as soon as possible. They have also been urged to halt any compromised contracts, alert users of the incident, and coordinate with crypto exchanges to flag any suspicious wallet activity to recover the funds.

The hacker still holds over $1 million in ETH, but whether that amount will be moved or simply be consolidated in their wallet remains unclear. Investigators such as ZachXBT continue to monitor the wallets for any new activity.

The case is still developing, and we will provide further updates in subsequent articles.