Garden Finance Loses $5.5M in Multi-Chain DeFi Hack: North Korea-Linked Group Suspected

Author: N4k4m0t0
Published: 2025-10-31 05:10:03


Garden Finance, a decentralized finance (DeFi) protocol, suffered a $5.5 million exploit across multiple blockchains, with suspicions pointing to the North Korean hacker group "Dangerous Password." The breach involved unauthorized withdrawals via the protocol’s bridge, draining assets like WBTC, WETH, and SEED tokens. On-chain sleuth ZachXBT first flagged the incident, noting potential ties to earlier hacks like Swissborg and Bybit. The SEED token plummeted 64% post-hack, while Garden’s team offered a 10% bounty for fund recovery, but the hacker remains silent. Here’s a deep dive into the attack, its fallout, and what it reveals about DeFi’s vulnerabilities.

How Did the Garden Finance Exploit Unfold?

The attack began with unauthorized withdrawals from Garden’s multi-chain bridge, siphoning $5.5 million in assets across Arbitrum, Solana, and Ethereum. Blockchain analyst ZachXBT first spotted the suspicious transactions, which totaled over $10 million when accounting for linked exploits. The hacker’s wallet (e.g., Solana address WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH) used MetaMask for rapid, high-fee swaps, targeting liquidity pools with Lombard-locked BTC and SEED tokens. Cyvers Alert later pegged losses at $6 million, citing "classic bridge vulnerabilities."

Why Is North Korea’s "Dangerous Password" Suspected?

Investigators linked the attack to the notorious North Korean group Dangerous Password due to:

  • Modus Operandi: The group’s preference for cross-chain swaps and fast laundering matches this exploit.
  • Historical Ties: ZachXBT noted Garden’s prior inflows from hacked funds (e.g., Bybit, Swissborg), suggesting the protocol was already a money-laundering hub. Up to 25% of its $2B TVL allegedly came from illicit sources.

"Garden Finance profited six-figure sums from handling stolen funds," ZachXBT wrote in an on-chain message to the hacker, criticizing the team’s lack of cooperation in freezing tainted assets.

What Was the Immediate Impact on SEED Token?

The native SEED token crashed 64% within minutes of the hack’s disclosure, hitting $0.19 (market cap: $2.5M). Thin liquidity on Uniswap exacerbated the drop as panic selling erupted. "SEED was always a low-cap, high-risk play—this hack just exposed its fragility," remarked a BTCC analyst. Trading volumes spiked 300% on BTCC and other exchanges amid the chaos.

How Did Garden Finance Respond?

The team’s on-chain message offered a 10% bounty for fund recovery and help fixing the vulnerability, but the hacker ignored the offer. Critics compared Garden’s sluggish response to THORChain’s handling of the Bybit exploit, where funds were similarly unsecured. Meanwhile, ZachXBT urged freezing remaining assets, but Garden’s bridge continues processing $2.5M daily.

Are Bridge Hacks Still a Major Threat?

While bridge exploits have declined since 2023’s peak (e.g., Nomad, Wormhole), North Korean groups now target smaller protocols like Garden for quicker asset conversion. "They’re avoiding high-profile chains with better monitoring," noted CoinMarketCap data. This attack underscores DeFi’s need for:

  • Real-time anomaly detection
  • Multi-sig bridge upgrades
  • Cross-chain blacklisting

FAQ: Key Questions Answered

How much was stolen in the Garden Finance hack?

Confirmed losses are $5.5M, but ZachXBT estimates over $10M when including linked exploits.

Was any money recovered?

No. Garden’s 10% bounty offer yielded no response from the hacker as of October 30, 2025.

Why did SEED token crash so hard?

Low liquidity and panic selling on DEXs like Uniswap triggered a 64% drop. SEED’s small market cap ($2.5M) made it hypersensitive.

Is my crypto safe on Garden Finance now?

This article does not constitute investment advice. While the team claims to have patched vulnerabilities, users should exercise extreme caution with bridged assets.
