Our editorial team, comprising leading industry experts and experienced editors, ensures our content is reliable and thoroughly reviewed. Ad Disclosure

Massive Security Breach on GANA Payment Project

Advertisement Banner

GANA Payment, a notable project operating on the BNB Smart Chain, suffered a significant security breach leading to a loss exceeding $3.1 million. An attacker managed to seize control over critical contract rights, as disclosed by recent reports.

The perpetrator funneled a substantial portion of the stolen funds through Tornado Cash on both BSC and Ethereum networks. However, approximately $1 million remains unspent in Ethereum wallets.

Unraveling the Attack: A Detailed Account

Prominent blockchain researcher ZachXBT revealed the breach, noting that the attacker aggregated the stolen assets at the address 0x2e8***5c38. Subsequently, 1,140 BNB, equating to around $1.04 million, was transferred into Tornado Cash on BSC.

The miscreant then moved the funds to Ethereum, routing 346.8 ETH, valued at about $1.05 million, through the same privacy tool.

The Exploitation Process

The GANA Payment project fell victim to exploitation on BSC, with the attacker initially sending 1,140 BNB ($1.04M) via Tornado Cash. Following this, the stolen funds were bridged to Ethereum, where another 346 ETH ($1.05M) was deposited into Tornado Cash.

Currently, around 346 ETH, valued at approximately $1.05 million, remains at the address 0x7a503***b3cca. Security firm HashDit identified the breach’s origin as an unauthorized modification of GANA’s contract ownership, granting the attacker administrative control over staking mechanisms.

GANA’s Emergency Response

GANA Payment released an urgent announcement acknowledging an external attack on their interaction contract, resulting in asset theft. Their technical team, in collaboration with an independent security firm, has launched an emergency investigation to uncover the attack vector.

According to HashDit’s analysis, the attacker exploited the control to trigger unstake operations, releasing more GANA tokens than permissible. These excess tokens were rapidly converted into more liquid assets and laundered through privacy tools. This scenario follows a typical exploitation pattern involving permission manipulation and token extraction.

Market Overview

As of now, the total cryptocurrency market capitalization stands at $3.08 trillion, as per TradingView.

Detection and Immediate Actions

ZachXBT promptly identified the suspicious activities and broadcasted the findings on his Telegram channel. HashDit delved into the contract, pinpointing the altered ownership as the breach’s catalyst.

GANA’s team issued an emergency alert confirming unauthorized activities on their interaction contract. They have engaged an external security firm to conduct a thorough investigation. The project plans to map user addresses and permissions as part of a system reboot, promising to communicate recovery procedures and timelines via official channels.

Warning for Users

HashDit has issued a cautionary alert to users, advising against trading with the GANA token until further notice from the team. Funds have been traced to Tornado Cash, with the root cause identified as ownership alteration.

Commitment to Quality Content

Our Editorial Process at Bitcoinist is dedicated to providing meticulously researched, accurate, and unbiased content. We adhere to stringent sourcing guidelines, ensuring every page is thoroughly reviewed by our team of top technology experts and experienced editors. This rigorous process maintains the integrity, relevance, and value of our content for our audience.