The GANA Payment project suffered a major security breach on Wednesday, losing more than $3.1 million in an attack that pushed the small BNB Smart Chain token into a deep crisis, according to onchain analyst ZachXBT.
Blockchain data shows the attacker gathered the stolen assets at a BSC address labeled “0x2e8…e5c38,” where most of the funds were converted into BNB. The first leg of the laundering trail involved 1,140 BNB, worth about $1.04 million, being deposited into Tornado Cash on BSC to break transaction traces.
ZachXBT reported that the exploiter then shifted the remaining assets to Ethereum through a cross-chain bridge. Once there, they sent another 346.8 ETH, valued at around $1.05 million, into Tornado Cash. A separate batch of 346 ETH worth roughly $1.046 million is still sitting untouched at an Ethereum address identified as “0x7a5…b3cca.”
GANA Payment is a small payment-focused token project built on the BEP-20 standard. It relies on decentralized exchanges and onchain liquidity, and public documentation about the project is limited. No security audits or technical reports have been released, leaving the nature of the vulnerability unclear.
Market data from GeckoTerminal shows the GANA token lost more than 90 percent of its value following the exploit, wiping out most of its liquidity within hours.
This incident fits a broader pattern of attacks seen across the BNB Smart Chain this year. DefiLlama’s hack tracker reports that smaller BSC projects have already lost more than $100 million in 2025. Several of these cases, including the Future Protocol breach, involved contract flaws, liquidity drains, or compromised private keys.
The GANA Payment hack mirrors many of those earlier events, with a fast drain of funds, quick consolidation, cross-chain transfers, and final attempts at obfuscation through Tornado Cash.
As the investigation continues, the attack highlights once again how vulnerable lightly documented and unaudited crypto projects remain in an increasingly targeted ecosystem. It is a reminder for investors and developers alike to prioritize transparency and security before building momentum.
