Garden Finance experienced a significant multichain hack, resulting in the loss of between $5.5 million and $10 million in various digital assets. The compromised assets include Bitcoin (BTC), Wrapped Bitcoin (WBTC), Wrapped Ether (WETH), cbBTC, and SEED, the protocol's native token.
The attack was detected by on-chain researcher ZachXBT, who initially warned of potential increases in total outflows. The Garden team confirmed the breach, stating that its systems were compromised across several blockchains, including Arbitrum. In an attempt to recover the stolen funds, the protocol offered the attacker a 10% bounty in exchange for the assets and assistance in identifying the vulnerability. However, no response has been received from the perpetrator.
The stolen funds were rapidly moved and swapped using the MetaMask router, a method that, while costly, is known for its speed and ability to complicate tracking or freezing efforts. Among the compromised assets were Lombard, BTC, WBTC, WETH, cbBTC, and SEED. Cyvers Alert reported the total compromised amount at approximately $6 million, though some analysts suggest the actual value could be double. Researchers in the ecosystem have attributed the attack to the North Korean group Dangerous Password, a group previously linked to exploits involving bridges and DeFi protocols.
Impact on SEED Token and Protocol's Reputation
Following the hack, the SEED token experienced a sharp decline, plummeting 64% to $0.19. This significant drop reduced its market capitalization to $2.5 million. The depreciation was exacerbated by the hacker selling the token into low-liquidity Uniswap pools, accelerating its value loss and severely damaging user confidence in the Garden Finance protocol.
Further scrutiny revealed that Garden Finance had allegedly been used to launder funds from previous hacks, including those involving Bybit and Swissborg. ZachXBT estimated that nearly 25% of the protocol's total activity originated from illicit deposits. The researcher also noted that the Garden team had earned substantial fees from these operations and had not cooperated in returning stolen funds to previous victims.
Before this incident, Garden Finance processed approximately $2.5 million in daily volume and generated around $2.52 million in annualized revenue. This hack represents one of the most severe recent attacks on a DeFi bridge and underscores the persistent security risks within decentralized finance protocols.
The information presented in this article is for informational purposes only and should not be interpreted as investment advice. The cryptocurrency market is highly volatile and may involve significant risks. We recommend conducting your own analysis.