Garden Finance suffered an exploit exceeding $10.8 million across multiple blockchain networks, with on-chain sleuth ZachXBT revealing that over 25% of the platform’s historical activity involved funds stolen from the platform. The breach adds scrutiny to a Bitcoin bridge already facing allegations of facilitating North Korean money laundering operations. An address linked to Garden’s team sent an on-chain message to the alleged exploiter offering a 10% white-hat bounty, though the company has not issued a public statement. All freezeable assets were quickly converted by the attacker through addresses 0x98***D12 on EVM chains and WZy4***JCH on Solana. Source: Telegram/ZachXBT Pattern of Stolen Funds Predates Security Breach Days before the exploit, ZachXBT publicly criticized Garden Finance for ignoring victims seeking fee refunds after the platform processed funds from major hacks, including the Bybit exploit and Swissborg incident. The investigator estimated that more than one-quarter of Garden’s total volume came from illicit sources, with the platform earning six-figure profits from these flows between April and July 2025 alone. The criticism targeted Garden co-founder Jaz Gulati, who had recently celebrated the platform’s growth since its launch two years ago as an evolution of Ren Protocol. ZachXBT stated, “ I sincerely hope a government puts your team in prison with Diddy next cycle for ignoring victims like Bybit after >25% funds bridged are stolen funds. “ When questioned about his stance on permissionless protocols, ZachXBT distinguished Garden from Tornado Cash, noting that only Tornado Cash had passed his decentralization test, as the technology continued to operate after sanctions and arrests. Tornado is the only one of these three that passes my test of being decentralized so the devs have my support (tech continued operating just fine after sanctions / their arrests) Thorchain has a larger organic userbase than Garden. Garden raised the swap limit to 10 BTC… — ZachXBT (@zachxbt) October 28, 2025 He criticized Garden for raising its swap limit to 10 BTC earlier this year, which enabled large-scale abuse by illicit entities, while the team remained silent on returning profits from these transactions. Money Laundering Infrastructure Spans Eight Years According to a detailed investigation on X, Garden Finance operates as the successor to Ren Protocol, founded in 2017 as Republic Protocol in Australia by Taiyang Zhang, Loong Wang, and Jaz Gulati. The original venture raised $67 million through a $33 million ICO and $34 million from venture capital, later rebranding as Ren Protocol and launching RenVM in 2020. This platform facilitated over $13 billion in Bitcoin transactions through bridges during the DeFi boom. Alameda Research acquired Ren in 2021 for $700,000 per quarter, integrating the protocol into Solana’s ecosystem. However, FTX’s collapse in late 2022 forced Ren’s shutdown, leaving $12 million in user Bitcoin stranded. Ren Protocol and Garden Finance are linked to over $540M laundered ZachXBT calls both “money washing machines” The reality is even worse: 2017: the beginning •founded in Australia as Republic Protocol by Taiyang Zhang, Loong Wang, and Jaz Gulati •promised “private… pic.twitter.com/2PhIdqhj3L — StarPlatinum (@StarPlatinumSOL) October 28, 2025 Former Ren developers, led by Susruth Nadimpalli and Gulati, launched Garden Finance in 2023, claiming to offer “ the next generation of Bitcoin transfers ” through atomic swaps, which enable 30-second BTC transactions. Blockchain intelligence firm Elliptic reported that Ren processed over $540 million in illicit funds between 2020 and 2025, with the protocol used by the Conti and Ryuk ransomware groups, as well as North Korea’s Lazarus Group. ZachXBT traced 25 separate hacks that funneled through RenBridge, which served as the preferred path for converting stolen Ethereum into anonymous Bitcoin, ultimately leading Binance to delist REN due to reputational risk. North Korean Operations Dominate Platform Activity Evidence suggests over 75% of Garden’s total volume originated from stolen funds, with $160 million moving through the platform within 48 hours of the $1.4 billion Bybit hack. Garden earned over $300,000 in fees from these flows while liquidity remained controlled by a single dominant node, contradicting claims of decentralization. The laundering pattern follows a consistent path, where stolen Ethereum is swapped for Bitcoin via Garden on Arbitrum or Base networks, mixed through Coinbase’s cbBTC, and then chain-hopped into Solana for the final exit. ZachXBT documented 16 wallets connected to the Bybit hack, executing synchronized six- and seven-figure swaps within minutes, and accused Garden of covering Lazarus Group activity through what he called “ blockchain illiteracy ” and “ willful blindness .” Crypto investigator Tayvano escalated the accusations by alleging that DPRK-based hackers were actively conducting money laundering through Garden. Chat, it’s DPRK. It’s funds stolen from people, projects, protocols in this industry. Stolen from your friends. Its funds stolen to keep the North Korean regime in power & enable them to live their lives of luxury at the expense of North Korean citizens and the world at large. https://t.co/yVCyxSWN1P — Tay (@tayvano_) October 24, 2025 During a heated exchange with Gulati, she stated that the company was undoubtedly aware of DPRK-related discrepancies, yet it did not take user safety or compliance seriously. North Korean hackers stole over $1.3 billion across 47 incidents in 2024 and $2.2 billion in the first half of 2025 alone , funding the regime’s weapons program through elaborate money laundering networks. The post 25% of Garden Finance Funds Linked to Stolen Assets, ZachXBT Reveals appeared first on Cryptonews .
