Garden Finance, a cross-chain yield protocol, has experienced a significant security breach, with losses reported to be over $5.5 million. Blockchain investigator ZachXBT indicated that the exploit likely targeted the project's multi-chain infrastructure, allowing attackers to convert stolen assets into Ether (ETH) shortly after the incident.
While the Garden Finance team has not yet released a formal public statement, they did communicate an on-chain message to the alleged attacker. This message proposed a 10% white-hat bounty in exchange for the return of the stolen funds.
Blockchain security firm PeckShield has confirmed the ongoing movement of the compromised assets, noting that all freezeable tokens were promptly converted.
Analysis of Exposure and Historical Activity
ZachXBT's analysis indicates that the total exposure from this exploit could potentially surpass $10.8 million, impacting multiple blockchain networks. Furthermore, ZachXBT highlighted that over 25% of Garden Finance's historical on-chain activity has been linked to assets previously associated with stolen funds, referencing earlier incidents involving Bybit and Swissborg exploits.
The specific blockchain addresses involved in the theft have been identified as 0x98BC on the Ethereum network and WZy4xx on the Solana network. Both of these addresses are now flagged for suspicious activity.
Broader Implications for Decentralized Finance
The exploit of Garden Finance follows a series of significant breaches within the decentralized finance (DeFi) sector this month. Notably, a recent Coinbase hack resulted in attackers stealing over $300 million, with a portion of these funds later used to acquire 100,000 SOL.
These incidents underscore the persistent vulnerabilities present in cross-chain systems and emphasize the growing necessity for enhanced security measures and more rigorous verification standards across all decentralized networks.