The Garden Finance bridge exploit resulted in $5.5 million in assets drained across multiple chains, including Arbitrum and Solana, first identified by on-chain researcher ZachXBT. The attack may involve the DPRK-affiliated Dangerous Password group, with the protocol offering a 10% white hat bounty for fund recovery.
-
Garden Finance bridge hacked: Unauthorized withdrawals totaling at least $5.5M, potentially up to $11M.
-
On-chain analysis by ZachXBT revealed immediate asset swaps, including wrapped ETH and SEED tokens.
-
SEED token plummeted 64% to $0.19, reducing market cap to $2.5M; 25% of protocol activity linked to laundering from prior hacks like Bybit and Swissborg.
Garden Finance exploit drains $5.5M in crypto assets across chains—uncover the hack details, DPRK links, and token crash. Stay informed on bridge security risks today.
What is the Garden Finance Exploit?
Garden Finance exploit refers to a significant security breach in the protocol’s bridge functionality, where approximately $5.5 million in digital assets were drained from multiple blockchain networks, including Arbitrum and Solana. On-chain researcher ZachXBT first detected the unauthorized transactions, highlighting rapid asset swaps by the attacker to evade tracking. The incident underscores ongoing vulnerabilities in cross-chain bridges, prompting the Garden Finance team to issue an on-chain message offering a 10% white hat bounty for the return of funds and vulnerability disclosure.
How Did the Garden Finance Hack Unfold and Impact Multiple Chains?
The Garden Finance hack began with unauthorized access to the bridge, leading to the extraction of assets such as Lombard-locked BTC, wrapped Bitcoin (WBTC), wrapped Ether (wETH), cbBTC, and SEED tokens, the protocol’s native asset. According to Cyvers Alert, the total value stolen approximates $6 million, though investigators like ZachXBT estimate it could exceed $11 million once all chains are fully assessed. The attacker utilized MetaMask for quick, albeit costly, routing solutions, immediately swapping freezable assets on decentralized exchanges to launder proceeds.
Supporting data from on-chain forensics shows the exploit affected Solana accounts, where over $5.3 million was siphoned, with more than 50% originating from prior incidents like the Swissborg hack. Expert analysis from ZachXBT points to the DPRK-affiliated hacker group Dangerous Password as a likely perpetrator, a pattern seen in recent attacks on smaller protocols for fast-swappable assets. Bridge hacks have declined in frequency over recent months, but this event highlights persistent risks, with the Garden protocol’s daily volume of $2.5 million now under scrutiny for security lapses.
In the protocol’s on-chain response, the team stated: “We are aware that our systems have been compromised across multiple blockchains, including but not limited to Arbitrum, and assets have been taken from us. In the spirit of resolution, we are offering a 10% reward for your assistance in returning the funds and helping us identify and fix the vulnerability.” Despite outreach, the hacker has not responded, and efforts to freeze assets continue amid the swaps.
Frequently Asked Questions
What Caused the Garden Finance Bridge Exploit in 2025?
The Garden Finance bridge exploit in 2025 stemmed from a vulnerability allowing unauthorized withdrawals across chains like Arbitrum and Solana, totaling around $5.5 million. On-chain researcher ZachXBT identified the breach, attributing it potentially to the DPRK-linked Dangerous Password group targeting quick asset swaps. The protocol’s team confirmed the compromise and offered a 10% bounty, but the root cause involves unpatched security flaws in cross-chain operations.
Who Is Behind the Garden Finance Hack and Its Aftermath?
Investigators, including ZachXBT and tanuki42, suggest the DPRK-affiliated Dangerous Password group orchestrated the Garden Finance hack, draining over $11 million in assets recycled from previous breaches like Swissborg. The aftermath includes a 64% crash in the SEED token to $0.19, slashing its market cap to $2.5 million amid thin liquidity on Uniswap pairs. Protocol revenues from laundered funds have drawn criticism for inadequate cooperation in victim restitution.
Key Takeaways
- Scale of the Breach: The Garden Finance exploit drained $5.5 million initially, with potential totals exceeding $11 million across chains, emphasizing bridge vulnerabilities.
- Hacker Tactics: Assets were swiftly swapped via DEXs using MetaMask, including high-value items like wrapped ETH and SEED, complicating recovery efforts.
- Protocol’s History: Up to 25% of Garden Finance’s $2 billion in funds linked to laundering from Bybit and Swissborg hacks; team earned high six figures in fees from illicit activity.
Conclusion
The Garden Finance exploit represents a stark reminder of cross-chain bridge risks in the cryptocurrency ecosystem, with $5.5 million stolen and ties to DPRK hackers amplifying concerns over laundering facilitation. As the SEED token reels from its 64% plunge and the protocol faces scrutiny for past non-cooperation, industry stakeholders must prioritize robust security audits. Looking ahead, enhanced protocols and collaborative forensics could mitigate future Garden Finance hack-like incidents—investors should monitor developments closely for safer DeFi navigation.
So @gardenfi got hacked for at least $11M+ likely (TBC) by a DPRK-affiliated group known as DangerousPassword.
Somewhat ironically, of the $5.3M which appears stolen on Solana (account: WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH), over 50% is sourced from the @swissborg hack…
— tanuki42 (@tanuki42_) October 30, 2025
