Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to on-chain security analyst ZachXBT, the payment project GANA Payment on the BSC chain was attacked a few hours ago, resulting in an estimated loss of $3.1 million. The attacker has deposited 1,140 BNB (around $1.04 million) into Tornado Cash on BSC, and transferred funds to Ethereum via a cross-chain bridge. Of these funds, 346.8 ETH (around $1.05 million) has also been deposited into Tornado Cash on Ethereum. Currently, another 346 ETH (about $1.046 million) remains idle in an Ethereum address starting with 0x7a. Attack method (per SlowMist): Unknown. Reported loss: $ 3,100,000.
- chain
- ethereum
- protocol
- GANA Payment
- bug_class
- unknown
- date_occurred
- 2025-11-20
- loss_usd
- $3,100,000
- source_id
- sm:gana-payment::2025-11-20