Back
GANA Payment Suffers $3.1 Million Loss in BSC Exploit

GANA Payment Suffers $3.1 Million Loss in BSC Exploit

SlowMist founder Yu Jian reports the hack stemmed from a leaked Stake contract Owner key, enabling attackers to bypass security checks and withdraw large sums.

ETH
BNB

Fact Check
The assessment is based on two highly relevant and authoritative sources in the Web3 and cryptocurrency space. Both a news report from the crypto exchange Bitget and a report from the Web3-focused outlet PANews corroborate the core claims of the statement. Specifically, they both report that GANA Payment was attacked and suffered losses exceeding $3.1 million. Furthermore, both sources attribute this information to the same well-known blockchain researcher, ZachXBT, which adds significant credibility to the report. The other eight sources provided are completely irrelevant to the topic, containing coincidental keyword matches (e.g., a football player named 'Gana', an unrelated mention of '$3.1 million') or no relevant information at all. There is no conflicting evidence among the relevant sources. While the provided summaries do not explicitly confirm the exploit took place on the Binance Smart Chain (BSC), this detail is a plausible aspect of such a crypto exploit and does not contradict the strongly supported primary claims of the event and the financial loss.
    Reference1
Summary

GANA Payment, a BNB Chain-based payment platform, lost over $3.1 million in a security breach disclosed by SlowMist founder Yu Jian. The exploit was traced to a leaked Stake contract Owner key, which hackers used with the 7702 delegate function to bypass onlyEOA verification and alter transaction rates and fees, enabling large unauthorized withdrawals. Prior reports noted attackers laundered the funds via Tornado Cash and cross-chain transfers to Ethereum, depositing 346 ETH worth $1.046 million while retaining another 346 ETH. The incident highlights critical contract key management vulnerabilities and ongoing risks in cross-chain asset workflows.

Terms & Concepts
  • Binance Smart Chain (BSC): A blockchain network created by Binance, optimized for fast transactions and smart contracts.
  • Tornado Cash: A privacy protocol using smart contracts to obscure cryptocurrency transaction origins.
  • Ethereum (ETH): A decentralized blockchain platform with its native cryptocurrency, Ether, used for transactions and smart contracts.