The cryptocurrency world has been rocked by another significant security breach, as Garden Finance, a DeFi protocol, fell victim to an exploit that saw millions in digital assets stolen. The aftermath is fraught with controversy, from the swift laundering of funds through a privacy mixer to conflicting narratives from the protocol's team and troubling allegations of prior illicit activities.
The Exploit and Fund Laundering
On October 31st, Garden Finance suffered a substantial exploit, with hackers siphoning $10.8 million across multiple blockchains, including Arbitrum, Ethereum, and Solana. Despite an offer of a 10% white-hat bounty by the Garden Finance team, the attackers remained silent. This week, the exploiter began moving the stolen assets, transferring $6.65 million in BNB and ETH to Tornado Cash, a well-known privacy mixer, making recovery prospects dim. Approximately $910,000 in stolen funds reportedly remains in one attacker's address.
Conflicting Narratives and On-Chain Revelations
Adding a layer of complexity to the incident, Garden Finance co-founder Jaz Gulati initially claimed the breach was limited to a third-party solver's "web2 infrastructure," asserting that "no user funds or protocol contracts were affected." However, blockchain investigator ZachXBT quickly challenged this narrative, presenting on-chain evidence. Screenshots of a message sent from a Garden deployer address directly to the attacker contradicted Gulati's statement: the message admitted that "our systems have been compromised across multiple blockchains," raising significant questions about the true scope of the breach and the transparency surrounding it.
A History of Controversy: Money Laundering Allegations
The exploit is further complicated by pre-existing allegations against Garden Finance itself. ZachXBT had previously accused the protocol of facilitating money laundering, claiming over 25% of its activity involved illicit funds from major hacks, including the $1.4 billion Bybit breach. This history is particularly notable given that Garden Finance was built by former developers of Ren Protocol, a platform that previously processed over $540 million in illicit funds. Investigators now suspect the DPRK-linked hacker group "Dangerous Password" may be behind the Garden attack, making the incident a multi-layered case involving alleged prior illicit activity and a major security breach.