- Hackers drained over $5.5M from Garden Finance across chains.
- SEED token plunged 64% after the exploit triggered mass sell-offs.
- The DPRK-linked group “Dangerous Password” is suspected to be behind the hack.
Garden Finance has become the latest target of a major crypto heist, with hackers siphoning off at least $5.5 million across several blockchains.
The cross-chain bridge exploit has not only rattled investors but also reignited concerns about the security of decentralised finance (DeFi) infrastructure.
Bridge breach spreads across multiple chains
The attack on Garden Finance unfolded swiftly, draining millions in assets from multiple blockchains, including Arbitrum and Solana.
On-chain researcher ZachXBT was the first to identify the unauthorised withdrawals , noting that the losses could ultimately exceed $10 million once all affected chains are accounted for.
According to early reports, the attacker used the MetaMask router, a fast but costly swap tool, to immediately convert stolen tokens, which included wrapped ETH (wETH), wrapped Bitcoin (WBTC), Lombard-locked BTC, cbBTC, and SEED, Garden’s native token, to Ethereum (ETH).
🚨ALERT🚨Our system detected that @gardenfi has been hacked ~$6M across multiple chains.
Most of the stolen funds are in $WBTC , $USDC , $USDT and other digital assets.
However, most of the freezable assets are swapped to $ETH .
Team sent on-chain message to hacker offering 10%… pic.twitter.com/76YbG6aPK7— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) October 30, 2025
The move prevented freezing or recovery efforts, as the assets were instantly dispersed through decentralised exchanges.
Garden Finance later confirmed the breach in an on-chain message, stating that its systems had been compromised across multiple networks.
The team offered a 1 0% white hat bounty to the hacker in exchange for returning the funds and disclosing the vulnerability.
But despite the offer, the attacker has not yet responded.
ZachXBT links the hack to a DPRK-backed group
Investigations led by ZachXBT and other blockchain analysts suggest that the DPRK-affiliated hacker collective “Dangerous Password” could be behind the exploit.
This group has been tied to several recent cross-chain incidents targeting smaller protocols with liquid, fast-swappable assets.
Just days before the Garden breach, ZachXBT accused the protocol of enabling money laundering, claiming that up to 25% of its total fund transfers were connected to previously stolen assets from the Bybit and Swissborg hacks.
Another security researcher, Tayvano, alleged that North Korean hackers had been using Garden’s bridge extensively to move illicit funds.
These findings have cast a shadow over the platform’s recent success.
Earlier this month, Garden Finance proudly announced it had bridged over $2 billion in tokens, but the revelation that a quarter of its traffic may have originated from illicit sources has severely damaged its reputation.
Interestingly, today’s incident carries a note of irony. Garden Finance, once accused of facilitating laundering, has now fallen victim to the very type of attack it was criticised for enabling.
Observers have drawn parallels with THORChain, which was similarly accused of aiding North Korean hackers before being targeted itself.
ZachXBT highlighted this irony in his investigation, stating that the Garden team had profited “high six figures” in fees from illicit transfers but failed to assist victims in past cases.
The exploit, he argued, was a harsh reminder of the risks faced by protocols that neglect compliance and transparency.
With damages estimated between $5.5 million and $10.8 million, and the SEED token in free fall, Garden Finance faces a long road to recovery.
And whether the hacker accepts the 10% bounty or vanishes with the funds, the exploit highlights the urgent need for stronger bridge security, real-time monitoring, and better cooperation between developers and blockchain investigators.
SEED token collapses amid panic
The fallout was immediate. As the hacker dumped stolen SEED tokens into illiquid pools on Uniswap , the price crashed by 64%, plunging to $0.1928 and shrinking its market capitalisation to $2.5 million.
And although the token has slightly recovered to around $0.23, it remains down 57% from yesterday’s close price.
Source: Coingecko
The thin liquidity made the sell-off particularly devastating, eroding investor confidence and intensifying scrutiny of the protocol’s risk controls.
