- Hackers drained more than $5.5 million from Garden Finance across multiple blockchains.
- The SEED token plunged 64% after the exploit triggered a wave of sell-offs.
- A DPRK‑linked group dubbed “Dangerous Password” is suspected to be behind the attack.
Garden Finance became the latest major crypto heist target after attackers siphoned at least $5.5 million across several blockchains.
The cross‑chain bridge exploit not only rattled investors but also renewed concerns about the security of decentralized finance (DeFi) infrastructure.
Bridge breach spreads across multiple chains
The attack on Garden Finance unfolded rapidly, draining millions of assets from several networks, including Arbitrum and Solana.
On‑chain researchers led by ZachXBT were the first to identify the unauthorized withdrawals, suggesting total losses could top $10 million once all affected chains are accounted for.
According to early reports, the attacker used a MetaMask router—a fast but costly swapping tool—to immediately convert stolen tokens, including wrapped ETH (wETH), wrapped Bitcoin (WBTC), locked Lombard BTC, cbBTC and SEED (Garden’s native token), into Ethereum (ETH).
🚨ALERT🚨Our system detected that @gardenfi has been hacked ~$6M across multiple chains.
Most of the stolen funds are in $WBTC, $USDC, $USDT and other digital assets.
However, most of the freezable assets are swapped to $ETH.
Team sent on-chain message to hacker offering 10%… pic.twitter.com/76YbG6aPK7— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) October 30, 2025
Those rapid swaps prevented freezing or recovery efforts, as the funds were instantly routed through decentralized exchanges.
Garden Finance later confirmed the breach with an on‑chain message, stating its systems had been compromised across multiple networks.
The team offered a 10% white‑hat reward to the attacker in exchange for returning the funds and disclosing the vulnerability.
But despite that offer, the attacker had not responded at the time of reporting.
ZachXBT links hack to DPRK‑affiliated group
Investigations by ZachXBT and other blockchain analysts indicate the hacking collective associated with North Korea, known as “Dangerous Password,” may be involved in the exploit.
The group has been linked to several recent cross‑chain incidents that target smaller protocols with liquid assets that can be rapidly converted.
Days before the Garden breach, ZachXBT alleged the protocol had facilitated illicit activity, claiming up to 25% of its transfer volume was connected to assets stolen in previous hacks of Bybit and Swissborg.
Security researcher Tayvano also asserted that North Korean attackers had heavily used Garden’s bridge to move illicit funds.
Those findings cast a shadow over the platform’s recent achievements.
Earlier this month, Garden Finance proudly announced it had locked more than $2 billion in tokens, but revelations that a quarter of its traffic could stem from illicit sources severely damaged its reputation.
Ironically, a platform once accused of enabling money laundering has now itself been victimized by the very type of attackers it was criticized for serving.
Observers compared the situation to THORChain, a protocol similarly accused of facilitating North Korean actor operations before it became an attack target.
ZachXBT highlighted this irony, noting Garden’s team reportedly earned “high six‑figure” fees from illicit transfers while failing to assist victims of past incidents.
The exploit serves as a stark reminder of the risks facing protocols that neglect compliance and transparency.
With estimated losses ranging from $5.5 million to $10.8 million and SEED’s price collapse, Garden Finance faces a long road to recovery.
Whether the attacker accepts the offered 10% bounty or escapes with the funds, the incident underscores the urgent need for stronger bridge security, real‑time monitoring, and improved collaboration between developers and blockchain investigators.
SEED token crashes amid panic selling
The token’s drop was immediate. When the attacker dumped stolen SEED into an illiquid pool on Uniswap, the price plunged 64% to $0.1928, shrinking market capitalization to roughly $2.5 million.
Although SEED recovered slightly to about $0.23, it remained down roughly 57% from the previous day’s close.
Thin liquidity magnified the selling impact, eroding investor confidence and intensifying scrutiny of the protocol’s risk controls.