Garden Finance, a cross-chain DeFi project, has fallen victim to a suspected hacker attack that drained more than $5.5 million in assets.
The exploit, which occurred across multiple chains, has forced the project to temporarily halt operations and sparked renewed concerns about vulnerabilities in cross-chain protocols.
Garden Finance was likely exploited for $10.8M+ on multiple chains.
An address related to the team sent a message onchain to the alleged exploiter offering a 10% whitehat bounty but has yet to comment publicly on the incident. All freezeable assets were quickly swapped.
Theft… pic.twitter.com/A4il25YiLn
— Vladimir S. | Officer’s Notes (@officer_cia) October 30, 2025
The Garden Finance Breach and What Happened
On-chain data shows that Garden Finance was likely exploited for more than $10.8 million, affecting wrapped Bitcoin (WBTC) and other cross-chain assets.
The attack targeted a weakness in the project’s liquidity pools or swap mechanism, allowing the exploiter to drain funds before the team could respond.
Within hours of detecting the anomaly, Garden Finance’s developers sent an on-chain message to the hacker, offering a 10% white-hat bounty in exchange for returning the funds.
However, there has been no public comment from the team since that offer.
The known theft address has been identified as:
`0x98BCc6c34A489CEfdD9DfA8d792CFEFb02Ea2D12`
and another address tied to the case on non-EVM networks:
`WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH`.
Cross-chain bridges are the single most exploited category in blockchain by tvs (total value stolen), and the data is not even close
$3.82B (about 58% of all defi losses)
Garden finance (@gardenfi) might be joining this stack today with about $5.5M in exploited assets
mostly… pic.twitter.com/co8TB2Qncp
— Brown (@Brown_ux) October 30, 2025
Immediate Aftermath
Shortly after the breach, all freezeable assets were quickly swapped, a typical move by attackers to make stolen funds untraceable.
Blockchain investigator ZachXBT noted that about 25% of Garden Finance’s total fund movements were already tied to previously stolen assets, including incidents connected to Bybit and Swissborg.
The irony wasn’t lost on the community.
Just days before the exploit, ZachXBT had criticized Garden Finance on X (formerly Twitter) for ignoring victims’ requests to return fees from transactions involving stolen funds.
“More than 25% of Garden Finance’s activity is related to stolen assets,” ZachXBT wrote, pointing to the project’s repeated association with compromised wallets.
The Official Response
Following community outcry, Garden Finance’s official X account acknowledged the situation, saying a “compromise involving one of Garden’s solvers” was detected.
The platform was temporarily taken offline as investigations began.
“The impact is limited to the solver’s own inventory, user funds and the Garden protocol are not at risk,” the team stated.
“We’ll share updates as soon as we have more information.”
That claim, however, has been met with skepticism.
Analysts argue that the movement of funds and the scale of the losses suggest the compromise went beyond internal inventory.
we’ve detected a compromise involving one of garden’s solvers.
the app is temporarily offline while we complete a full investigation.
the impact is limited to the solver’s own inventory — user funds and garden protocol are not at risk.
we’ll share updates as soon as we have…
— Garden 🌸 (@gardenfi) October 30, 2025
Cross-Chain Bridges: DeFi’s Weakest Link
Garden Finance’s troubles highlight a long-running issue in decentralized finance, the fragility of cross-chain bridges.
Bridges account for about $3.82 billion, or 58% of all DeFi losses recorded to date.
Bridges are inherently risky.
They often rely on custodial mechanisms like multi-signature wallets or validator sets, creating single points of failure.
When these fail, funds across entire ecosystems can be drained.
For Bitcoin-based DeFi, the risk compounds due to finality mismatches between Bitcoin and EVM chains, sometimes introducing double-spend vectors.
“Zero-Custody” Marketing Meets Real-World Bugs
Garden Finance had branded itself as a “zero-custody, atomic-swap protocol”, a system designed to eliminate trust assumptions between chains.
But as the latest exploit shows, even so-called “trustless” systems can fall apart if a single bug in the swap logic exists.
The project’s promise of atomic security couldn’t hold up under a real-world attack vector.
As of now, the root cause remains under investigation, but experts suggest it likely stems from a vulnerability in the swap contracts used for cross-chain transactions.
This incident arrives at a time when the DeFi community is still grappling with the aftermath of multiple bridge hacks, from Multichain’s $126M exploit to Nomad’s $190M breach.
Each new incident underscores a painful truth: cross-chain interoperability still comes at a heavy cost.
With protocols pushing to connect ecosystems faster than they can secure them, the same patterns repeat, overconfidence, insufficient audits, and complex trust assumptions.
The project’s immediate move to contact the attacker with a 10% white-hat offer mirrors recent approaches from teams like Curve and Euler Finance, both of which later recovered part of their funds.
Whether Garden Finance can do the same remains uncertain.
For now, users have been advised to avoid interacting with the protocol until an official post-mortem report is released.
As investigations continue, the situation serves as yet another reminder that even “trustless” systems still require trust, in their code, in their audits, and in their teams.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
Source: https://nulltx.com/garden-finance-suffers-cross-chain-exploit-over-5-5-million-lost/