Garden Finance hit for $5.5M in multi-chain DeFi exploit

Garden Finance has been exploited for $5.5M, with assets drained on multiple chains. On-chain researcher ZachXBT first noticed the unauthorized withdrawals. 

The Garden Finance bridge has been exploited for $5.5M, draining assets on multiple chains. ZachXBT noticed the unauthorized withdrawals, which may expand to a total of over $10M. 

Other investigators suggested that the DPRK hacker group Dangerous Password may be behind the bridge exploit. 

So @gardenfi got hacked for at least $11M+ likely (TBC) by a DPRK-affiliated group known as DangerousPassword.

Somewhat ironically, of the $5.3M which appears stolen on Solana (account: WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH), over 50% is sourced from the @swissborg hack…

— tanuki42 (@tanuki42_) October 30, 2025

The team reached out to the hacker, offering a 10% white hat bounty, but there is still no response. ZachXBT noted that all freezable assets are being swapped immediately. 

“We are aware that our systems have been compromised across multiple blockchains, including but not limited to Arbitrum, and assets have been taken from us. In the spirit of resolution, we are offering a 10% reward for your assistance in returning the funds and helping us identify and fix the vulnerability,” wrote the Garden protocol team in the on-chain message.

The hacker’s wallet used MetaMask, a fast but expensive routing solution. Some of the swapped assets include Lombard locked BTC, WBTC, wrapped ETH, cbBTC, and SEED tokens, the native asset of Garden Protocol. 

According to Cyvers Alert, the size of the hack is around $6M. Bridge hacks have been rarer in the past months, and DPRK hackers have attempted to exploit smaller protocols for assets that can be swapped quickly.

ZachXBT points out Garden Finance has been used to launder hacked funds

Just before the Garden exploit, ZachXBT noted the protocol carried inflows from previous hacks. Up to 25% of the protocol’s activity has been linked to laundering stolen funds, coming from Bybit, Swissborg, and other hacks. 

The protocol boasted of breaking above $2B funds, but ZachXBT noted up to a quarter of those deposits came from hacks. 

“The Garden Finance team profited high 6 figures at minimum in fees generated from stolen funds via their bridge from the Bybit exploit, Swissborg theft, Chinese organized crime and other incidents,” wrote ZachXBT in a message to the hacker attached to the exploit transactions. He addressed the hacker for considering Garden’s earnings when estimating his bounty. 

ZachXBT also claimed Garden has not been cooperative in returning known exploit funds to the victims. The case of Garden Protocol follows a similar usage for ThorChain, which refused to freeze or mark funds from the Bybit exploit. 

The Garden Finance bridge carries around $2.5M in daily volumes, with around $2.52M in annualized revenues. 

SEED token crashes by 64%

In addition to the direct outflows from the hack, the SEED token incurred even bigger losses. 

SEED crashed by over 64% within minutes of the news, dropping to $0.19 and a market cap of just $2.5M. SEED is one of the smaller hauls from the bridge, quickly swapped through DEX, and caused the crash. 

The hacker sales crashed the thin market for SEED, which still relies on Uniswap pairs.

If you're reading this, you’re already ahead. Stay there with our newsletter.