Yesterday’s $11 million hack of bitcoin (BTC) bridge Garden was met with little sympathy from the crypto community, following allegations that it profited from the proceeds of other hacks.
Acknowledging the incident, the team insisted that the protocol itself wasn’t hacked. Instead, one of its “solvers” was compromised, with losses “limited to the solver’s own inventory.”
However, on-chain evidence points to the solver being run by the Garden team, and blockchain investigators have accused the team of attempting to “downplay the incident” in order to appear “decentralized.”
According to Garden’s docs, solvers act as market makers to facilitate bridging BTC and its wrapped varieties across chains. One of these solvers likely suffered a private key compromise.
The resulting losses totalled around $11 million across Ethereum, BSC, and Solana.
Tanuki42, an investigator at zeroShadow, attributed the attack to “a DPRK-affiliated group known as DangerousPassword.” They identified over $2 million of losses on Solana as originating from last month’s $41 million hack of Swissborg.
As to the identity of the solver, which the team claims isn’t them, Tanuki42 and fellow blockchain investigator ZachXBT point to on-chain links which suggest otherwise.
“Backtracing the initial gas funding,” Tanuki42 connected the compromised solver to REN and Keeper DAO addresses, which share team members with Garden.
Meanwhile, ZachXBT highlighted an on-chain message apparently sent by the Garden deployer which states “our systems have been compromised.”
The message urges the exploiter to return funds and keep a 10% bounty.
Garden facing Zach-lash
Commentators were quick to label the incident “karma,” given that Garden has been consistently criticized by the two investigators.
Two days prior to the hack, ZachXBT responded to Garden’s founder celebrating a $2 billion volume milestone, saying that he “sincerely hope[s] a government puts your team in prison… after >25% funds bridged are stolen funds.”
In June, he also noted that Garden’s founder “conveniently left out >80% of your fees came from Chinese launderers moving Lazarus Group funds from the Bybit hack.”
He describes “watch[ing] in real time… as a single entity kept topping up cbBTC liquidity [for the] launderers.”
Following yesterday’s hack, zachxbt.eth sent an on-chain message, advising the exploiter to think twice about Garden’s bounty offer.
Tanuki42 is also “sick to death of DeFi protocols flexing record volumes when the majority of their usage is coming from illicit activity.”
Referencing a recent Multilateral Sanctions Monitoring Team report, they accuse projects that do nothing about such activity of “indirectly enabling DPRK to purchase weapons which are being used by Russia to kill Ukrainians.”
Source: https://protos.com/defi-karma-garden-hacked-for-11m-after-bridging-lazarus-loot/