Garden Finance Hit by $5.5M Multi-Chain DeFi Exploit: North Korean Hackers Suspected

Author: D3V1L
Published: 2025-10-31 02:40:03


In a shocking turn of events, Garden Finance became the latest DeFi protocol to fall victim to a sophisticated multi-chain bridge exploit, losing $5.5 million to hackers - with some analysts suggesting the notorious North Korean group Dangerous Password might be behind the attack. The incident triggered a 64% crash in Garden's native SEED token and revealed deeper issues, as blockchain sleuth ZachXBT uncovered that up to 25% of the protocol's $2B in processed volume may have involved laundering stolen funds from previous hacks. While the team offered a 10% white hat bounty, the hacker remains unresponsive as assets continue being rapidly swapped across chains.

What Exactly Happened in the Garden Finance Exploit?

The attack unfolded on October 30, 2025, when unauthorized withdrawals began draining assets across multiple blockchains including Arbitrum and Solana. Blockchain investigator ZachXBT first spotted the suspicious movements, which initially appeared to total $5.5 million but later estimates suggested losses could exceed $11 million. The hacker utilized Garden's bridge infrastructure to move funds, with MetaMask serving as their wallet interface - choosing speed over cost efficiency in their asset routing strategy.

What makes this particularly messy? About half the Solana-based stolen funds ($2.65M) allegedly came from SwissBorg's reserves, creating an awkward situation where one hack appears to be funding another. The stolen assets included a cocktail of wrapped tokens (WBTC, WETH), SEED tokens, and even bitcoin collateral locked via Lombard Finance. Cyvers Alert later pegged the total at $6 million, though frankly in these multi-chain exploits, pinning down exact figures is like trying to catch smoke with your bare hands.

North Korea's Dangerous Password Group: The Prime Suspects

Multiple blockchain analysts, including tanuki42_, pointed fingers at the North Korean-affiliated hacking collective Dangerous Password. If confirmed, this would mark their third major DeFi exploit this year following the Bybit and Euler Finance incidents. These groups have notably shifted tactics recently - instead of targeting major bridges like Wormhole or Ronin, they're picking off smaller protocols where assets can be swapped faster before freeze orders hit.

ZachXBT's investigation uncovered something even more troubling: Garden Finance appears to have been laundering funds from previous hacks. His on-chain analysis suggests 25% of the protocol's vaunted $2B volume came from tainted sources including the Bybit exploit, SwissBorg theft, and even Chinese organized crime operations. "The Garden team profited six figures in fees from stolen funds moving through their bridge," ZachXBT noted in a message attached to the exploit transactions.

The SEED Token Massacre: 64% Crash in Minutes

While the direct hack losses were bad enough, Garden's native SEED token took an absolute pummeling. Within minutes of the news breaking, SEED cratered 64% to $0.19, leaving its market cap at a pitiful $2.5 million. The token - already one of the smaller assets on Garden's bridge - got absolutely shredded as hackers dumped their loot through DEXs.

Looking at the Uniswap charts was downright depressing - SEED's thin liquidity got completely steamrolled by the sell pressure. It's the DeFi equivalent of watching someone try to empty a swimming pool with a teacup during a hurricane. The BTCC exchange briefly suspended SEED trading as volatility spiked, though other major platforms kept markets open.

White Hat Offer Falls on Deaf Ears

In a move that's becoming standard protocol post-hack, Garden's team reached out offering the hacker a 10% bounty to return the remaining funds. As of our deadline? Crickets. Meanwhile, ZachXBT criticized Garden for allegedly failing to cooperate with returning funds from previous exploits - drawing parallels to ThorChain's controversial handling of the Bybit stolen assets.

The Garden bridge continues operating with $2.5M in daily volume, generating about $2.52M in annualized revenue. But let's be real - after this fiasco, those numbers might start looking as stable as a house of cards in an earthquake zone.

FAQ: Your Burning Questions Answered

How much was stolen in the Garden Finance hack?

Initial estimates suggested $5.5M, but later analysis by ZachXBT and Cyvers Alert indicates losses between $6M-$11M across multiple chains.

Which hacker group is suspected?

Evidence points to Dangerous Password, a North Korean-affiliated cybercrime organization known for previous DeFi exploits.

Why did the SEED token crash so hard?

The token's small market cap ($2.5M) and thin liquidity made it extremely vulnerable to the hacker's rapid asset dumping through DEXs.

Has Garden Finance recovered any funds?

As of October 31, 2025, no funds have been returned despite the team's 10% white hat bounty offer.

Were other protocols affected?

Yes - about 50% of Solana-based stolen funds came from SwissBorg's reserves, connecting this exploit to previous attacks.
