Crypto Journalist
Anas Hassan
Crypto Journalist
Anas Hassan
Share
Garden Finance suffered an exploit exceeding $10.8 million across multiple blockchain networks, with on-chain sleuth ZachXBT revealing that over 25% of the platform’s historical activity involved funds stolen from the platform.
The breach adds scrutiny to a Bitcoin bridge already facing allegations of facilitating North Korean money laundering operations.
An address linked to Garden’s team sent an on-chain message to the alleged exploiter offering a 10% white-hat bounty, though the company has not issued a public statement.
All freezeable assets were quickly converted by the attacker through addresses 0x98***D12 on EVM chains and WZy4***JCH on Solana.
Pattern of Stolen Funds Predates Security Breach
Days before the exploit, ZachXBT publicly criticized Garden Finance for ignoring victims seeking fee refunds after the platform processed funds from major hacks, including the Bybit exploit and Swissborg incident.
The investigator estimated that more than one-quarter of Garden’s total volume came from illicit sources, with the platform earning six-figure profits from these flows between April and July 2025 alone.
The criticism targeted Garden co-founder Jaz Gulati, who had recently celebrated the platform’s growth since its launch two years ago as an evolution of Ren Protocol.
ZachXBT stated, “I sincerely hope a government puts your team in prison with Diddy next cycle for ignoring victims like Bybit after >25% funds bridged are stolen funds.“
When questioned about his stance on permissionless protocols, ZachXBT distinguished Garden from Tornado Cash, noting that only Tornado Cash had passed his decentralization test, as the technology continued to operate after sanctions and arrests.
He criticized Garden for raising its swap limit to 10 BTC earlier this year, which enabled large-scale abuse by illicit entities, while the team remained silent on returning profits from these transactions.
Money Laundering Infrastructure Spans Eight Years
According to a detailed investigation on X, Garden Finance operates as the successor to Ren Protocol, founded in 2017 as Republic Protocol in Australia by Taiyang Zhang, Loong Wang, and Jaz Gulati.
The original venture raised $67 million through a $33 million ICO and $34 million from venture capital, later rebranding as Ren Protocol and launching RenVM in 2020.
This platform facilitated over $13 billion in Bitcoin transactions through bridges during the DeFi boom.
Alameda Research acquired Ren in 2021 for $700,000 per quarter, integrating the protocol into Solana’s ecosystem.
However, FTX’s collapse in late 2022 forced Ren’s shutdown, leaving $12 million in user Bitcoin stranded.
Former Ren developers, led by Susruth Nadimpalli and Gulati, launched Garden Finance in 2023, claiming to offer “the next generation of Bitcoin transfers” through atomic swaps, which enable 30-second BTC transactions.
Blockchain intelligence firm Elliptic reported that Ren processed over $540 million in illicit funds between 2020 and 2025, with the protocol used by the Conti and Ryuk ransomware groups, as well as North Korea’s Lazarus Group.
ZachXBT traced 25 separate hacks that funneled through RenBridge, which served as the preferred path for converting stolen Ethereum into anonymous Bitcoin, ultimately leading Binance to delist REN due to reputational risk.
North Korean Operations Dominate Platform Activity
Evidence suggests over 75% of Garden’s total volume originated from stolen funds, with $160 million moving through the platform within 48 hours of the $1.4 billion Bybit hack.
Garden earned over $300,000 in fees from these flows while liquidity remained controlled by a single dominant node, contradicting claims of decentralization.
The laundering pattern follows a consistent path, where stolen Ethereum is swapped for Bitcoin via Garden on Arbitrum or Base networks, mixed through Coinbase’s cbBTC, and then chain-hopped into Solana for the final exit.
ZachXBT documented 16 wallets connected to the Bybit hack, executing synchronized six- and seven-figure swaps within minutes, and accused Garden of covering Lazarus Group activity through what he called “blockchain illiteracy” and “willful blindness.”
Crypto investigator Tayvano escalated the accusations by alleging that DPRK-based hackers were actively conducting money laundering through Garden.
During a heated exchange with Gulati, she stated that the company was undoubtedly aware of DPRK-related discrepancies, yet it did not take user safety or compliance seriously.
North Korean hackers stole over $1.3 billion across 47 incidents in 2024 and $2.2 billion in the first half of 2025 alone, funding the regime’s weapons program through elaborate money laundering networks.
https://cryptonews.com/news/garden-finance-exploit-drains-over-10m-across-multiple-chains/
