Garden Finance Reportedly Loses Over $10.8 Million in Hacking Incident

• Garden Finance lost over $10.8 million in a multi-chain hack, days after being accused by ZachXBT of facilitating money laundering.
• Investigators claimed that the platform had over 25% of its traffic from illicit sources, echoing past issues seen with THORChain.
• Garden offered a 10% bounty to the exploiter, though uncertainty remains about how much was stolen or which chains were hit.

Garden Finance recently suffered a hack, with at least $10.8 million in reported losses. Crypto sleuth ZachXBT identified the hacks just days after calling out the platform for facilitating money launderers.

This isn’t the first time a similar incident has occurred in the crypto space. Earlier this year, THORChain enabled North Korean hackers to launder funds, but they stole from THORChain’s founder a few months later.

Garden Suffers Major Hack {#h-garden-suffers-major-hack}

Earlier this week, Garden Finance announced that it had bridged over $2 billion in tokens, but several prominent sleuths accused it of money laundering.

ZachXBT claimed that over 25% of its traffic came from illicit sources, while Tayvano alleged that DPRK-based criminals were using it en masse.

It’s ironic, then, that those same investigators already have another reason to address the company. Earlier today, ZachXBT reported that Garden suffered a $10.8 million hack:

“Garden Finance was likely exploited for $10.8M+ on multiple chains. An address related to the team sent a message onchain to the alleged exploiter offering a 10% whitehat bounty. A few days ago, I pointed out…how Garden Finance was ignoring victims,” he claimed via Telegram.

His initial message mentioned only $5.8 million in losses before it was revised to a substantially higher number. The edit also claimed that “all freezable assets were quickly swapped.” In other words, it’s unclear exactly how much Garden lost in this hack, but the damage is significant.

Garden itself claimed that the hack compromised multiple blockchains, but it only mentioned Arbitrum directly. The firm also said that “assets have been taken from us,” rather than suggesting that user funds were a primary target. For the moment, we don’t have any more details about the attack’s technical specifications.

An Ironic Misfortune {#h-an-ironic-misfortune}

Still, all things considered, Garden isn’t the first company to suffer an ironic hack like this. THORChain, for example, was accused of laundering money from hackers on several occasions, including from North Korea’s feared Lazarus Group.

DPRK-based criminals then stole $1.3 million from THORChain’s founder a few months later.

Incidents like this generally don’t encourage white hat crimefighters to investigate these cases. Besides, if it’s impossible to freeze any stolen assets, what could they even do?

Community investigators could assemble evidence for future prosecution, but that may be totally impractical.

Ultimately, Garden Finance will have to hope that its 10% bounty incentivizes the hackers to cooperate. Otherwise, it’ll be difficult to get much closure beyond an analysis of the breach itself.