Key Takeaways
- Garden Finance experienced a significant exploit, resulting in the loss of approximately $5.5 million across multiple blockchains.
- On-chain investigator ZachXBT first identified the unauthorized withdrawals, with potential losses estimated to exceed $10 million.
- Investigators suspect the North Korean hacker group Dangerous Password may be responsible for the attack.
- Garden Finance attempted to engage the hacker by offering a 10% white hat bounty but has not received a response.
- Analysis by ZachXBT suggests Garden Finance’s bridge had been used to launder funds from previous hacks even before this exploit.
Garden Finance Suffers Multi-Chain Exploit, Millions Drained
Garden Finance has fallen victim to a substantial exploit, resulting in the theft of around $5.5 million in assets across various blockchain networks. The breach was initially flagged by on-chain forensic researcher ZachXBT, who observed unauthorized withdrawals. The total value of drained assets could potentially escalate to over $10 million as investigations continue.
Early analysis by cybersecurity experts points towards the possibility of the North Korean state-sponsored hacking group, known as Dangerous Password, being behind this sophisticated exploit. This group has been previously linked to other significant cyberattacks in the cryptocurrency space.
So @gardenfi got hacked for at least $11M+ likely (TBC) by a DPRK-affiliated group known as DangerousPassword.
Somewhat ironically, of the $5.3M which appears stolen on Solana (account: WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH), over 50% is sourced from the @swissborg hack…
— tanuki42 (@tanuki42_) October 30, 2025
The Garden Finance team proactively attempted to negotiate with the perpetrator, extending an offer of a 10% white hat bounty in exchange for the return of the funds and assistance in identifying the vulnerability. However, as of the latest reports, there has been no response from the hacker. ZachXBT also noted that any assets that could be frozen or recalled were being immediately swapped by the attacker.
In a public on-chain message, the Garden Protocol team stated, “We are aware that our systems have been compromised across multiple blockchains, including but not limited to Arbitrum, and assets have been taken from us. In the spirit of resolution, we are offering a 10% reward for your assistance in returning the funds and helping us identify and fix the vulnerability.”
Investigations revealed that the hacker’s wallet used MetaMask for its swaps, a popular but sometimes costly routing solution for swift transactions. Among the swapped assets were significant amounts of Lombard locked BTC, WBTC, wrapped ETH, cbBTC, and SEED tokens, the native cryptocurrency of the Garden Protocol.
Recent Security Incidents in the Crypto Space
The Garden Finance breach highlights ongoing security challenges within the decentralized finance ecosystem. Recent incidents have underscored the need for robust security measures and proactive threat detection.
According to Cyvers Alert, the estimated financial impact of this exploit stands at approximately $6 million. While bridge hacks had seen a relative decrease in frequency in recent months, the involvement of DPRK-linked hackers suggests a continued interest in exploiting smaller protocols for quickly liquidatable assets.
ZachXBT Identifies Garden Finance as a Laundering Platform
Further compounding the issue, ZachXBT brought to light that the Garden Finance protocol had previously been utilized for laundering funds obtained from earlier exploits. Before the platform itself was compromised, ZachXBT observed significant inflows originating from previous high-profile hacks, suggesting that up to 25% of the protocol’s transactional activity was potentially linked to the movement of stolen assets.
The protocol had publicly announced it had surpassed $2 billion in total value locked (TVL). However, ZachXBT’s findings indicated a substantial portion of these deposits originated from illicit sources, including the Swissborg theft, the Bybit hack, and activities linked to organized crime syndicates.
ZachXBT stated that the Garden Finance team profited high six figures at minimum in fees generated from stolen funds moved through its bridge, from the Bybit exploit, the Swissborg theft, Chinese organized crime and other incidents. The remark was reportedly made in reference to the hacker’s bounty calculations. This observation implies that the protocol may have benefited financially from facilitating the movement of stolen cryptocurrency.
ZachXBT also alleged that Garden Finance had not been fully cooperative in recovering previously exploited funds for victims, drawing parallels to ThorChain’s stance on the Bybit exploit, in which ThorChain likewise did not freeze the stolen assets.
The Garden Finance bridge reportedly handles around $2.5 million in daily transaction volume, with annualized revenues estimated at approximately $2.52 million, according to data from DeFi Llama.
Impact on SEED Token and Market Reaction
The exploit had a dramatic immediate effect on the native SEED token of the Garden Protocol. Within minutes of the exploit news breaking, the SEED token experienced a sharp decline, plummeting by over 64%. It dropped to a low of $0.19, with its market capitalization shrinking to just $2.5 million.
The hacker’s rapid liquidation of SEED tokens through decentralized exchanges (DEXs) significantly impacted the token’s already thin market liquidity. This aggressive selling pressure is believed to be the primary cause of the drastic price crash.
Final Thoughts
The Garden Finance exploit represents a significant financial loss and raises serious concerns about the security of cross-chain bridges. The alleged involvement of a state-sponsored hacking group and previous links to laundered funds highlight the complex and evolving threat landscape in DeFi. The incident emphasizes the critical need for enhanced security protocols and due diligence in the cryptocurrency space.