BNB News Today: DeFi's Audit Gaps Let $3.1M Vanish in GANA Heist

The GANA Payment project on BNBBNB-- Smart Chain has become the latest victim of a high-profile exploit, with over $3.1 million in cryptocurrency drained by an attacker who leveraged Tornado Cash to launder the stolen assets across multiple blockchains, according to onchain investigator ZachXBT. The incident, which unfolded on November 20, 2025, underscores the growing risks faced by smaller decentralized finance (DeFi) projects and the challenges of tracking cross-chain thefts .

The attacker consolidated stolen funds at a BSC address, converting most of the assets into BNB before depositing 1,140 BNB-valued at approximately $1.04 million into Tornado Cash on the BNB Smart Chain. This initial move aimed to obscure the trail of the stolen funds . The attacker then bridged a portion of the assets to EthereumETH--, where an additional 346.8 ETH (around $1.05 million) was funneled into Tornado Cash on that network. According to ZachXBT's analysis, a further 346 ETH, worth roughly $1.046 million, remains dormant in an Ethereum address.

GANA Payment, a BEP-20 token project operating primarily through decentralized exchanges and liquidity pools, lacks formal security audits or publicly available technical documentation, leaving it vulnerable to such attacks . The project's token, GANA, plummeted by over 90% in the aftermath of the exploit, as tracked by GeckoTerminal .

The attack follows a pattern observed in other mid-sized BSC-based exploits this year. According to DefiLlama's hacks tracker, smaller projects on the BNB Chain have collectively lost over $100 million in 2025. Similar incidents, including the Future Protocol hack, have been driven by vulnerabilities in smart contracts, liquidity pool drains, and compromised keys . The GANA exploit mirrors these tactics, with the attacker swiftly consolidating, bridging, and mixing funds to evade detection .

Security analysts emphasize the need for rigorous audits and improved contract design to mitigate such risks. "The speed and coordination of this attack highlight the importance of proactive security measures," said a researcher from a blockchain analytics firm. "Projects must prioritize transparency and regular audits to prevent these scenarios."

The use of Tornado Cash, a privacy-focused mixer, has become a recurring theme in DeFi exploits. The service allows users to blend their funds with those of other users, making it difficult to trace the origin of transactions. While the attacker's actions complicate recovery efforts, blockchain monitoring tools and collaboration with exchanges remain critical in tracking suspicious activity .

For now, the attacker controls over $1 million in unlaundered ETH, with no indication of further movement. Recovery appears unlikely, but investigators continue to monitor the wallets involved. The incident serves as a stark reminder of the fragility of DeFi ecosystems, particularly for projects with limited resources and security infrastructure .

GANA Payment exploited for over $3.1 million on BNB Smart Chain: ZachXBT https://www.theblock.co/post/379619/gana-payment-exploit

GANA Payment Hack on BNB Chain Exposes $3.1M Loss as 1,140 BNB Is Tornado-Cashed and Transferred to Ethereum (ETH) https://en.coinotag.com/breakingnews/gana-payment-hack-on-bnb-chain-exposes-3-1m-loss-as-1140-bnb-is-tornado-cashed-and-transferred-to-ethereum-eth

GANA Payment Exploited for $3.1M, Hacker Laundered via Tornado https://coinfomania.com/gana-payment-exploited-for-3-1m-hacker-laundered-via-tornado/

ZachXBT: GANA Payment Hacked, Loss Exceeds $3.1 Million https://www.lookonchain.com/feeds/37770