Verify a decision

{"actor":"system:backfill","investigation_id":"f6f7d21c-80a9-499d-a2cc-0de47fa985d9","kind":"publish","page_slug":"gana-payment","published_at":"2026-05-18T23:34:57.004Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"GANA Payment","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"GANA Payment was a BNB Smart Chain payment-focused DeFi project (BEP-20 token) that launched on November 11, 2025 and was exploited nine days later on November 20, 2025, resulting in losses exceeding $3.1 million. On-chain investigator ZachXBT confirmed the attack, which involved a compromised deployer private key combined with abuse of EIP-7702 to drain the project's staking contract; stolen funds were subsequently laundered through Tornado Cash on both BSC and Ethereum. The GANA token lost over 90% of its value within 24 hours of the exploit.","timeline":[{"date":"2025-11-11","event":"GANA Payment launches on BNB Smart Chain with GANA BEP-20 token and staking contract; no security audit published.","source":"","source_url":"https://rekt.news/gana-payment-rekt"},{"date":"2025-11-20","event":"Exploit occurs: attacker leverages compromised deployer private key and EIP-7702 abuse to drain $3.1M from GANA staking contracts on BSC.","source":"","source_url":"https://www.banklesstimes.com/articles/2025/11/20/gana-payment-drained-for-3-1m-in-bsc-exploit-zachxbt-confirms/"},{"date":"2025-11-20","event":"ZachXBT publicly discloses the exploit via Telegram; identifies consolidation wallet 0x2e8a8670b734e260cedbc6d5a05532264aae5c38 and Tornado Cash laundering on BSC (1,140 BNB, ~$1.04M).","source":"","source_url":"https://www.theblock.co/post/379619/gana-payment-exploit"},{"date":"2025-11-20","event":"Attacker bridges funds to Ethereum and deposits 346.8 ETH (~$1.05M) into Tornado Cash in incremental batches; ~346 ETH remains dormant in attacker wallet.","source":"","source_url":"https://coinfomania.com/gana-payment-exploited-for-3-1m-hacker-laundered-via-tornado/"},{"date":"2025-11-20","event":"GANA token collapses over 90% from ~$2.98 to ~$0.31 within 24 hours of exploit disclosure.","source":"","source_url":"https://www.banklesstimes.com/articles/2025/11/20/gana-payment-drained-for-3-1m-in-bsc-exploit-zachxbt-confirms/"},{"date":"2025-11-20","event":"GANA Payment team announces engagement of third-party security firm and pledges comprehensive reboot plan; no specific team members identified publicly.","source":"","source_url":"https://nulltx.com/gana-payment-hit-by-3-1m-exploit-as-attacker-launders-funds-across-chains/"},{"date":"2025-11-20","event":"Hacken publishes technical post-mortem detailing EIP-7702 exploit mechanism, eight coordinated theft addresses, and `setRatesPerSec` rate inflation attack.","source":"","source_url":"https://hacken.io/insights/gana-payment-hack-explained/"}]},"v":1}