Another decentralized finance protocol has fallen victim to an elaborate cross-chain heist – this time, Garden Finance, which lost an estimated $6 million in digital assets after hackers executed a coordinated exploit that spread across several blockchains.
The attackers struck without warning, siphoning funds from multiple pools in a series of rapid-fire transactions before investigators could react. Within minutes, tokens including WBTC, USDC, and USDT were drained and converted into Ethereum (ETH), then funneled through different networks using bridging protocols.
Security analysts from Cyvers Alerts, the blockchain forensics firm tracking the incident, say the constant movement of funds has made tracing the assets “extremely complex,” as the hacker uses cross-chain swaps to hide their trail.
So @gardenfi got hacked for at least $11M+ likely (TBC) by a DPRK-affiliated group known as DangerousPassword.
Somewhat ironically, of the $5.3M which appears stolen on Solana (account: WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH), over 50% is sourced from the @swissborg hack…
— tanuki42 (@tanuki42_) October 30, 2025
Many of the stolen coins were “freezable” stablecoins at first – meaning they could have been frozen by issuers like Circle or Tether – but the attacker preemptively converted them into Ethereum to avoid that risk.
The Aftermath: A Plea for Dialogue
In a bid to recover some of the stolen funds, the Garden Finance team published a direct on-chain message addressed to the attacker, asking for cooperation rather than confrontation.
The message offered a 10% bounty for the safe return of the remaining assets and for information about the exploited vulnerability. “We aim to resolve this incident peacefully,” the message stated, urging the hacker to reach out through Discord or Telegram.
The tone echoed a now-common tactic in DeFi: treating exploiters as reluctant security researchers who might accept a negotiated reward instead of laundering the entire haul.
A Familiar Story With New Complexity
Cross-chain attacks like this have become the new frontier in DeFi crime, where vulnerabilities in bridges and liquidity routing allow hackers to drain protocols operating across several blockchains at once.
Unlike single-network hacks, these multi-chain exploits are notoriously difficult to investigate – every bridge adds another layer of obfuscation, every swap another delay for forensic tracking.
Experts at Cyvers note that the incident resembles a growing category of multi-protocol breaches where attackers strike several chains simultaneously to overwhelm monitoring systems.
The Wider Implications
The Garden Finance exploit underscores how fragile decentralized ecosystems remain, even after years of auditing and security upgrades. As DeFi protocols race to add interoperability and faster cross-chain liquidity, the same mechanisms that make these systems attractive to investors also widen their attack surface.
While it’s unclear whether the hacker will respond to the bounty, Garden Finance’s outreach reflects a pragmatic approach – in many past cases, such offers have succeeded where law enforcement could not.
For now, the stolen funds continue to move between chains, the trail growing colder with each transaction.
The DeFi world has seen plenty of breaches this year, but few have captured the escalating danger of cross-chain interdependence as vividly as this one.
Garden Finance now joins a long list of projects learning the hard way that in decentralized finance, the more networks you connect, the more doors you leave open.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Alex is an experienced financial journalist and cryptocurrency enthusiast. With over 8 years of experience covering the crypto, blockchain, and fintech industries, he is well-versed in the complex and ever-evolving world of digital assets. His insightful and thought-provoking articles provide readers with a clear picture of the latest developments and trends in the market. His approach allows him to break down complex ideas into accessible and in-depth content. Follow his publications to stay up to date with the most important trends and topics.
Source: https://coindoo.com/hackers-drain-6-million-from-defi-platform-in-major-cross-chain-heist/