Garden Finance suffered an attack across multiple blockchain networks, resulting in losses exceeding $10.8 million. On-chain detective ZachXBT revealed that more than 25% of the platform's historical transaction activity involved stolen funds, bringing further scrutiny to this Bitcoin cross-chain bridge, which has already faced allegations of aiding North Korean money laundering. Although the Garden team has offered a 10% white-hat bounty to the attackers, the company has yet to make a public statement, and the attackers have swiftly converted all frozen assets.
Before the Security Vulnerability: The platform was accused of profiting from illegal funds
A few days before the security vulnerability occurred, ZachXBT publicly criticized Garden Finance for ignoring victims seeking a refund of fees, as the platform handled funds from major hacking incidents such as the CEX attack and the Swissborg incident.
- Proportion of Illegal Funds: Investigators estimate that over a quarter of the total transaction volume of Garden Finance comes from illegal sources, with the platform earning a six-figure profit from these flows alone between April and July of 2025.
- Amplifying Money Laundering Risks: ZachXBT criticized Garden co-founder Jaz Gulati for raising the exchange limit to 10 BTC earlier this year, which created conditions for illegal entities to engage in large-scale abuse, while the team remained silent about returning the profits obtained from these transactions.
Uncovering the Dark History of Garden Finance: Ren Protocol's “Successor”
According to a detailed investigation on X, Garden Finance is considered the successor to Ren Protocol, which was originally established in Australia in 2017. The network has been embroiled in money laundering controversies for years.
- Historical Development:
- 2017: Originally established as Republic Protocol, it raised 67 million dollars through ICO and venture capital.
- 2020: Renamed to Ren Protocol, launched RenVM, facilitating over $13 billion in Bitcoin transactions through cross-chain bridges during the DeFi boom.
- End of 2022: The FTX collapse led to the closure of Ren, leaving $12 million of user Bitcoin assets stranded.
- 2023: Former Ren developers launched Garden Finance, claiming to provide “next-generation Bitcoin transfers” through atomic swaps.
- Money Laundering Infrastructure: Blockchain intelligence firm Elliptic reports that Ren Protocol processed over $540 million in illegal funds between 2020 and 2025, which were used by ransomware organizations such as Conti and Ryuk, as well as North Korea's Lazarus Group.
North Korean Hackers Dominate Platform Activities: Money Laundering Path Emerges
There is evidence that over 75% of the total transaction volume of Garden comes from stolen funds.
- Lazarus Group Suspicions: Within 48 hours of the Bybit $1.4 billion attack incident, $160 million in funds flowed through the platform, with Garden earning over $300,000 in fees from this traffic.
- Centralized Control: Despite claiming to be decentralized, liquidity is controlled by a single dominant node, which is contrary to the facts.
- Money Laundering Route: The money laundering model follows a consistent path: stolen Ethereum is exchanged for Bitcoin via Garden on the Arbitrum or Base network, then mixed through the mainstream CEX's cbBTC, and finally cross-chain to Solana for the final exit.
- Government Weapon Funds: North Korean hackers stole over 1.3 billion dollars through 47 incidents in 2024, and 2.2 billion dollars in just the first half of 2025. These funds were used to finance the regime's weapon programs through a complex money laundering network.
Conclusion
The security vulnerabilities of Garden Finance and the subsequent exposure of its on-chain black history have not only dealt a severe blow to its operations but also sounded the alarm for cross-chain bridge security and Anti-Money Laundering (AML) compliance once again. A platform that claims to be committed to decentralization and security is accused of profiting from large-scale illegal activities while being aware of it and potentially providing a channel for funding to North Korean hackers, undoubtedly harming the reputation of the entire DeFi industry. With tightening regulations, the future of such platforms faces immense uncertainty and legal risks.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
The New York Times reignites the “Satoshi identity mystery”—Adam Back quickly clears things up after being targeted
Author: Nancy, PANews
Satoshi Nakamoto’s real identity remains the mystery that has persisted for 17 years in the crypto world. Speculation about this pseudonym has never stopped—candidates have ranged from cryptographers to corporate founders—but there has always been a lack of evidence to definitively settle the matter.
Recently, The New York Times published a multi-thousand-word investigation that, based on multiple comparisons drawn from linguistic style, technical pathways, and historical context, listed Blockstream CEO Adam Back as the strongest candidate for Satoshi Nakamoto. However, the claim was quickly and clearly denied by Back himself, and the relevant arguments were widely questioned by the industry as difficult to substantiate.
Satoshi Nakamoto identity controversy flares up again, with the investigation targeting Adam Back
In this investigation, The New York Times reporter John Carreyrou spent more than a year and a half deeply sorting through archives spanning decades, as well as the cryptographic punk email list, to
区块客26m ago
BTC 15-minute drop of 0.45%: Aggressive sell-side orders lead, layered with weakening liquidity at the margin, amplifying volatility
2026-04-11 23:00 to 2026-04-11 23:15(UTC), BTC’s return over 15 minutes was -0.45%, and the price fluctuated within the range of 72907.4 to 73370.7 USDT, with a swing amplitude of 0.63%. During this period, market activity remains at a high level, but the price anomaly has drawn investors’ short-term attention. Overall trading sentiment is slightly cautious, and volatility is marginally higher than usual.
The main driver behind this anomaly is that active sell orders have a slight advantage, causing a short-term downward adjustment in price. Combined with a modest increase in trading volume for major trading pairs and spot
GateNews32m ago
Bitcoin and Ether ETFs See $443 Million Inflows as Crypto Demand Picks Up
U.S. spot Bitcoin and Ether ETFs saw significant inflows, totaling $443.3 million on April 9, indicating renewed institutional interest in crypto funds. Bitcoin ETFs led with $358.1 million, driven by BlackRock's iShares, while Ether ETFs gained $85.2 million, primarily from BlackRock’s ETHA. This surge reflects a shift in investor sentiment and confidence in the crypto market.
CryptometerIo2h ago
Strategy Single-day frenzy snapping up 3,468 bitcoins! STRC’s “print money to buy coins” firepower is fully turned on, with total holdings nearing 770k BTC
Strategy, led by Michael Saylor, on April 10 alone, is estimated to have gone on a buying spree of 3,468 bitcoins by issuing STRC preferred shares, with its total holdings nearing 770k BTC. STRC offers an annualized return of up to 11.5%, helping it continue to expand its capital base and become the world’s largest bitcoin holder.
動區BlockTempo3h ago
