25% of Garden Finance Funds Linked to Stolen Assets, ZachXBT Reveals

Garden Finance suffered an exploit exceeding $10.8 million throughout a number of blockchain networks, with on-chain sleuth ZachXBT revealing that over 25% of the platform’s historic exercise concerned funds stolen from the platform.

The breach provides scrutiny to a Bitcoin bridge already going through allegations of facilitating North Korean cash laundering operations.

An tackle linked to Garden’s workforce despatched an on-chain message to the alleged exploiter providing a ten% white-hat bounty, although the corporate has not issued a public assertion.

All freezeable belongings had been shortly transformed by the attacker by addresses 0x98***D12 on EVM chains and WZy4***JCH on Solana.

Pattern of Stolen Funds Predates Security Breach

Days earlier than the exploit, ZachXBT publicly criticized Garden Finance for ignoring victims looking for payment refunds after the platform processed funds from main hacks, together with the Bybit exploit and Swissborg incident.

The investigator estimated that greater than one-quarter of Garden’s whole quantity got here from illicit sources, with the platform incomes six-figure earnings from these flows between April and July 2025 alone.

The criticism focused Garden co-founder Jaz Gulati, who had not too long ago celebrated the platform’s progress since its launch two years in the past as an evolution of Ren Protocol.

ZachXBT said, “I sincerely hope a authorities places your workforce in jail with Diddy subsequent cycle for ignoring victims like Bybit after >25% funds bridged are stolen funds.“

When questioned about his stance on permissionless protocols, ZachXBT distinguished Garden from Tornado Cash, noting that solely Tornado Cash had handed his decentralization check, because the expertise continued to function after sanctions and arrests.

Tornado is the one one of these three that passes my check of being decentralized so the devs have my help (tech continued working simply effective after sanctions / their arrests)

Thorchain has a bigger natural userbase than Garden.

Garden raised the swap restrict to 10 BTC…

— ZachXBT (@zachxbt) October 28, 2025

He criticized Garden for elevating its swap restrict to 10 BTC earlier this 12 months, which enabled large-scale abuse by illicit entities, whereas the workforce remained silent on returning earnings from these transactions.

Money Laundering Infrastructure Spans Eight Years

According to a detailed investigation on X, Garden Finance operates because the successor to Ren Protocol, based in 2017 as Republic Protocol in Australia by Taiyang Zhang, Loong Wang, and Jaz Gulati.

The unique enterprise raised $67 million by a $33 million ICO and $34 million from enterprise capital, later rebranding as Ren Protocol and launching RenVM in 2020.

This platform facilitated over $13 billion in Bitcoin transactions by bridges throughout the DeFi increase.

Alameda Research acquired Ren in 2021 for $700,000 per quarter, integrating the protocol into Solana’s ecosystem.

However, FTX’s collapse in late 2022 pressured Ren’s shutdown, leaving $12 million in person Bitcoin stranded.

Ren Protocol and Garden Finance are linked to over $540M laundered

ZachXBT calls each “cash washing machines”

The actuality is even worse:

2017: the start

•based in Australia as Republic Protocol by Taiyang Zhang, Loong Wang, and Jaz Gulati
•promised “personal… pic.twitter.com/2PhIdqhj3L

— StarPlatinum (@StarPlatinumSOL) October 28, 2025

Former Ren builders, led by Susruth Nadimpalli and Gulati, launched Garden Finance in 2023, claiming to supply “the following technology of Bitcoin transfers” by atomic swaps, which allow 30-second BTC transactions.

Blockchain intelligence agency Elliptic reported that Ren processed over $540 million in illicit funds between 2020 and 2025, with the protocol utilized by the Conti and Ryuk ransomware teams, in addition to North Korea’s Lazarus Group.

ZachXBT traced 25 separate hacks that funneled by RenBridge, which served as the popular path for changing stolen Ethereum into nameless Bitcoin, finally main Binance to delist REN due to reputational danger.

North Korean Operations Dominate Platform Activity

Evidence suggests over 75% of Garden’s whole quantity originated from stolen funds, with $160 million shifting by the platform inside 48 hours of the $1.4 billion Bybit hack.

Garden earned over $300,000 in charges from these flows whereas liquidity remained managed by a single dominant node, contradicting claims of decentralization.

The laundering sample follows a constant path, the place stolen Ethereum is swapped for Bitcoin through Garden on Arbitrum or Base networks, blended by Coinbase’s cbBTC, after which chain-hopped into Solana for the ultimate exit.

ZachXBT documented 16 wallets related to the Bybit hack, executing synchronized six- and seven-figure swaps inside minutes, and accused Garden of masking Lazarus Group exercise by what he known as “blockchain illiteracy” and “willful blindness.”

Crypto investigator Tayvano escalated the accusations by alleging that DPRK-based hackers had been actively conducting cash laundering by Garden.

Chat, it’s DPRK.

It’s funds stolen from folks, initiatives, protocols on this business. Stolen from your mates.

Its funds stolen to preserve the North Korean regime in energy & allow them to reside their lives of luxurious on the expense of North Korean residents and the world at massive. https://t.co/yVCyxSWN1P

— Tay (@tayvano_) October 24, 2025

During a heated trade with Gulati, she said that the corporate was undoubtedly conscious of DPRK-related discrepancies, but it didn’t take person security or compliance severely.

North Korean hackers stole over $1.3 billion throughout 47 incidents in 2024 and $2.2 billion in the first half of 2025 alone, funding the regime’s weapons program by elaborate cash laundering networks.

The put up 25% of Garden Finance Funds Linked to Stolen Assets, ZachXBT Reveals appeared first on Cryptonews.