Blockchain investigator ZachXBT disputed Garden Finance’s explanation of a $10.8 million exploit on Oct. 30 after tracing on-chain evidence that linked the compromised solver directly to the protocol’s founding team.
ZachXBT posted at 13:33 UTC that Garden Finance “was likely exploited for $10.8M+ on multiple chains.” He identified the theft address as 0x98BC…2D12 on Ethereum and WZy4xx…BJCH on Solana.
An address related to the team sent an on-chain message offering a 10% white hat bounty to the exploiter. All freezeable assets were swapped immediately.
Garden Finance posted at 17:29 UTC that it detected “a compromise involving one of garden’s solvers.”
The team stated the app went offline temporarily and claimed “the impact is limited to the solver’s own inventory.” They mentioned that “user funds and garden protocol are not at risk.”
Team member Punkaj reinforced the message by stating that “Garden has NOT been hacked. One of the solvers was compromised; the impact is limited to the solver’s own inventory.”
Chain solvers are specialized entities that execute cross-chain transactions in bridge protocols. When a user wants to move assets from one blockchain to another, solvers provide liquidity by fulfilling the order on the destination chain.
They hold an inventory of various tokens across multiple networks and profit from fees charged for completing swaps.
Garden Finance operates as a cross-chain bridge. It that relies on these solvers to facilitate transfers between blockchains, such as Bitcoin, Ethereum, and Solana.
On-Chain Evidence Contradicts Team Claims
ZachXBT responded that a Garden deployer address messaged the attacker on-chain and “directly stated it is yours.”
The message shown in the on-chain transaction read,
“We are aware that our systems have been compromised across multiple blockchains, including but not limited to Arbitrum, and assets have been taken from us.”
10% reward has been offered for returning funds.
ZachXBT stated Garden was
“…likely just trying to downplay the incident to make it look like a team member does not operate the main solver.”
The deployer address that sent the message belonged to Garden’s official infrastructure, as indicated by the transaction history.
Blockchain investigator Tanuki42 traced the initial gas funding on the compromised solver address. He posted “Backtracing the initial gas funding on the compromised solver address is interesting… Seems likely the compromised solver is not as unrelated to Garden Finance as is claimed.”
The gas funding trail revealed that the compromised solver received its initial funding through addresses linked to the Ren protocol.
Garden founder Jaz Gulati previously worked at Ren before launching Garden Finance. The flow diagram illustrated how funds were transferred from a KeeperDAO treasury address through a Ren deployer to the solver, which was later compromised.
Google search results confirmed Gulati’s association with both Ren Labs and KeeperDAO as co-founder and CEO.
Previous Allegations of Processing Stolen Funds
ZachXBT referenced earlier criticism he posted on Oct. 28. He stated Garden Finance ignored victims after “an estimated >25% of their total activity for Garden Finance has related to stolen funds (Bybit exploit, Swissborg, etc).”
He wrote to Gulati:
“I sincerely hope a government puts your team in prison with Diddy next cycle for ignoring victims like Bybit after >25% funds bridged are stolen funds.”
When questioned about other bridging services, ZachXBT explained Tornado Cash “passes my test of being decentralized so the devs have my support.”
He noted that “Garden raised the swap limit to 10 BTC earlier this year, and it has since had a few illicit entities abusing large swaps.”
His main issue was Garden’s “silence to return the 6-7 figs in profits from the illicit actors flooding them.”
Garden Finance remained offline as of press time, and the vulnerability that led to the exploit was not revealed. The on-chain evidence tying the compromised solver to the team through Ren protocol gas funding contradicts claims that the exploit only affected an external third-party solver.