Gana Payment Hack Drains $3.1M in Major BSC Exploit Shocking DeFi

How the Gana Payment Hack Used an EIP-7702 Exploit to Drain $3.1M Fast

What happens when a new crypto project is hit before it has even settled into the market? That’s what we saw with the Gana Payment Hack, where more than $3.1 million was drained from the platform on BNB Smart Chain in the early hours of the morning. 

The project, launched only nine days ago, experienced a complete collapse after the attack. Its token price fell over 90%, leaving investors shocked and scrambling for answers.

How the Attacker Pulled Off the Exploit

The Gana payment hack took place yesterday around 5 a.m. UTC, a time when crypto activity is usually slow. The attacker used an unusual method involving EIP-7702, a feature meant for secure wallet delegation. Instead of using it normally, the hacker found a way to abuse it. 

This allowed them to take control of the GANA Payment smart contract and manipulate the reward mechanism inside a PancakeSwap pool. They inflated rewards and drained liquidity, thus successfully stealing a large number of tokens within an extremely short period of time.

Source: X (formerly Twitter) 

After gathering all the funds, the attacker forwarded them to a main wallet address:

0x2e8a8670b734e260cedbc6d5a05532264aae5c38

This is where the second part of the attack-the money laundering phase-started.

How the Stolen Funds Were Moved and Hidden

• To cover their tracks, the attacker first sent 1,140 BNB (worth approximately $1.04M) into Tornado Cash on BSC. 

• Tornado Cash is a widely used privacy tool to mix funds and break transaction trails. 

• Once the BNB was washed, the attacker bridged the remaining stolen assets to Ethereum.

• On Ethereum, the laundering continued. Another 346.8 ETH, worth about $1.05 million, was pushed through Tornado Cash again. 

Even after sending these large amounts, the exploiter still holds around 346 ETH (worth about $1.04 million) in another wallet: 0x7a503e3ab9433ebf13afb4f7f1793c25733b3cca

At the time of writing, these funds remain untouched.

Token Price Drops Over 90% in Minutes

Before the hack, the project was slowly building interest in the community. Many users thought the project had potential as a DeFi payment solution. But the Gana Payment Hack changed everything in an instant.

Source: CMC

The chart for the Gana project has a straight downfall with a big red candle indicating heavy selling and panic. This sudden collapse wiped out almost the whole value of the token in minutes. 

Team Promises Investigation and Next Steps

Following the attack, GANA Payment's team posted on X, stating they are starting a full investigation. They also mentioned plans for compensation for affected users and possibly rebooting the project. 

Trust remains extremely low, however, not least because the project launched without a public audit-a course of action that likely made the exploit easier.

A Reminder of the Risks in DeFi

The Gana Payment Hack is a reminder that the DeFi space indeed carries some actual risks: promising new projects may look bright, but without strong security and audits in place, users can lose everything in just a moment. This incident really shows why investors must be careful and research projects carefully, never ignoring warnings about safety.