Garden Finance, a Bitcoin-native DeFi bridge, reportedly suffered an exploit resulting in over $5 million in losses on Thursday, 2025. While the team claims only a single solver was compromised and user funds are secure, blockchain investigator ZachXBT disputes this with on-chain evidence indicating a broader breach across multiple chains.
Garden Finance co-founder denies full hack, attributing the incident to one compromised solver and assuring user funds remain safe.
ZachXBT counters with an on-chain message from Garden’s deployer wallet, suggesting compromises on Ethereum, Arbitrum, and other blockchains.
PeckShield reports stolen assets totaling about $5.8 million held in five addresses, highlighting ongoing DeFi bridge vulnerabilities in 2025.
Garden Finance exploit sparks debate: Was it a limited solver breach or a major hack? Dive into conflicting claims from the team and ZachXBT, plus impacts on Bitcoin DeFi. Stay informed on cross-chain security—read now for key insights and updates.
What is the Garden Finance Exploit?
The Garden Finance exploit refers to a security incident that occurred on Thursday, 2025, affecting the Bitcoin-native DeFi bridge protocol, leading to losses exceeding $5 million. The project’s team maintains that the breach was isolated to a single solver—a mechanism for facilitating cross-chain swaps—and did not compromise the core protocol or user funds. However, prominent blockchain investigator ZachXBT has challenged this narrative, presenting on-chain evidence that points to a more extensive compromise involving multiple blockchains.
Tension is rising around Garden Finance following reports of this exploit. The platform, designed to enable seamless cross-chain interactions starting from Bitcoin, has been temporarily taken offline for investigation. This event underscores the persistent risks in decentralized finance infrastructure, particularly in bridging assets across disparate networks.
Why Are There Conflicting Accounts of the Garden Finance Exploit?
Garden Finance’s co-founder, identified as @punkaj on X, stated that “Garden has NOT been hacked,” emphasizing that the issue was confined to one solver’s inventory. “The impact is limited to the solver’s own inventory. Protocol, users, and their funds remain safe,” he added in a post on X. The team has advised users to refrain from interacting with the protocol until further notice.
However, ZachXBT, a well-known figure in blockchain forensics, disputed these claims by sharing a screenshot of an on-chain message purportedly from a Garden deployer address. The message, recorded on Ethereum block 23,690,488, states that Garden’s systems “have been compromised across multiple blockchains, including but not limited to Arbitrum,” and proposes a 10% white-hat bounty for returning the stolen assets. “This looks like an attempt to downplay the incident,” ZachXBT commented, raising questions about whether the affected solver was operated by a Garden team member.
Source: X
Security firm PeckShield, renowned for its blockchain monitoring, has been tracking the incident. Their preliminary analysis identifies five wallet addresses holding approximately $5.8 million in pilfered assets, primarily in stablecoins and wrapped tokens. This data aligns with reports of unauthorized transactions spanning Ethereum and Arbitrum, prompting concerns about the exploit’s scope.
The discrepancy between the team’s statements and on-chain evidence has fueled speculation within the crypto community. Blockchain bridges like Garden Finance rely on solvers to execute atomic swaps across chains, often using liquidity pools managed by third parties or internal operators. If a solver is compromised, it could theoretically expose broader vulnerabilities, such as private key mismanagement or smart contract flaws. Experts, including those from PeckShield, note that such incidents are not uncommon in DeFi, with over $1.5 billion lost to bridge exploits in the past two years according to aggregated data from Chainalysis reports.
Source: X
In the message shared by ZachXBT, the deployer address explicitly acknowledges the multi-chain nature of the breach, which contradicts the team’s public minimization. This has led to calls for greater transparency from Garden Finance, with community members on platforms like X urging an independent audit. As a Bitcoin-native project, Garden aimed to bring DeFi liquidity to BTC holders, but this exploit highlights the challenges of securing cross-chain operations without centralized oversight.
Frequently Asked Questions
Was the Garden Finance Exploit Limited to One Solver?
The Garden Finance team asserts that the exploit was isolated to a single solver, ensuring no direct impact on user funds or the protocol’s core. They have paused operations for a thorough review. However, on-chain evidence from ZachXBT suggests involvement across multiple chains, raising doubts about the incident’s true extent—pending a full postmortem report.
How Does the Garden Finance Exploit Affect Bitcoin DeFi Users?
For Bitcoin DeFi users relying on bridges like Garden Finance, this exploit serves as a reminder to verify project security before engaging. Currently, with the protocol offline, transactions are halted, and users are urged to avoid interactions. It emphasizes the need for diversified bridging solutions and robust solver vetting to mitigate risks in cross-chain environments.
Key Takeaways
- Garden Finance Denies Full Hack: The team claims the breach was confined to one solver, with user funds intact and the app temporarily offline for investigation.
- ZachXBT’s On-Chain Evidence: A message from the deployer wallet indicates compromises on multiple blockchains, including Arbitrum, challenging the official narrative.
- Ongoing Vulnerabilities in DeFi Bridges: With $5.8 million reportedly stolen, this incident highlights persistent risks—users should monitor updates and prioritize secure protocols.
Conclusion
The Garden Finance exploit has ignited a debate over the true nature of the breach, with the team’s assurances clashing against compelling on-chain evidence from investigators like ZachXBT. As DeFi bridges continue to evolve in 2025, this event reinforces the importance of transparency and rigorous security audits to protect cross-chain assets. Stakeholders should await the official postmortem while exploring alternative Bitcoin-native solutions to ensure safer participation in decentralized finance.