Garden Finance Hack

On October 30, 2025, Garden Finance, a Bitcoin-focused cross-chain bridge protocol, was drained of an estimated $10.8 million (later put at about $11.4 million in an Ernst & Young forensic review) after one of its largest independent solvers was compromised. Solvers are market-maker entities that hold multi-chain inventory and fulfil cross-chain swap orders; the attacker gained unauthorized access to the solver’s operating environment and emptied its holdings across several networks, with EY citing suspicious SSH logins from IP addresses indicative of Japan and China. The team insisted the Garden protocol itself and user funds were unaffected, took the app offline, and offered a 10% white-hat bounty, but investigator ZachXBT disputed the framing, tracing gas-funding and on-chain messages that, he argued, linked the solver to Garden’s founding team and revived earlier allegations that the protocol had processed laundered funds, including proceeds of the Bybit hack. ZachXBT and Cyvers attributed the attack to the DPRK-linked group Dangerous Password. The SEED token collapsed about 64% as the attacker dumped it into thin liquidity. The case underscores that bridge security extends beyond smart contracts to the operational and key-management hygiene of off-chain solver infrastructure.