Garden Finance

2017-01-01

Jaz Gulati, Susruth Nadimpalli, Taiyang Zhang, and Loong Wang co-found Republic Protocol (later rebranded Ren Protocol) in Australia, raising approximately $67 million.

2021-01-01

Alameda Research acquires Ren Protocol.

2022-11-01

FTX and Alameda Research collapse; Ren Protocol shuts down, stranding approximately $12 million in user Bitcoin.

2023-01-01

Jaz Gulati and Susruth Nadimpalli launch Garden Finance as a decentralized HTLC-based Bitcoin bridge, positioning it as a successor to Ren Protocol.

2025-02-21

Bybit exchange is hacked by North Korea's Lazarus Group via multi-signature authentication exploitation; approximately 401,347 ETH (~$1.4 billion) is stolen.

2025-06-21

ZachXBT publishes on-chain investigation alleging that over 80% of Garden Finance's recent fee revenue was derived from laundering Bybit hack proceeds linked to Lazarus Group, and that 16 wallets connected to the hack executed synchronized transactions through the protocol.

2025-06-21

Garden Finance co-founder Jaz Gulati publicly disputes ZachXBT's laundering allegations, claiming 30 BTC in fees were collected prior to the Bybit hack and citing integration of screening tools.

2025-10-30

Garden Finance's largest independent solver operator is compromised via a private key leak. SSH logs show suspicious access from IP addresses located in Japan and China. The attacker begins draining solver assets across Ethereum, Solana, Arbitrum, and BNB Chain.

2025-10-31

Garden Finance publicly acknowledges the breach, offers a 10% white-hat bounty to the attacker for return of funds and exploit disclosure. Protocol goes offline. ZachXBT notes that the on-chain message to the attacker originated from a Garden team deployer address.

2025-10-31

Total losses estimated at approximately $5.5 million in initial reports; later revised upward to approximately $10.8–$11.4 million across multiple chains. Stolen tokens include wETH, WBTC, cbBTC, LBTC, and SEED.

2025-11-01

Security firm CertiK reports that the exploiter transferred approximately $6.65 million (501 BNB and 1,910 ETH) to Tornado Cash. Approximately $1.8 million in SOL and $500K in EVM funds remain in attacker-controlled addresses.

2025-11-01

zeroShadow security analysts assess that on-chain laundering patterns from the exploit are consistent with North Korea-affiliated threat actor DangerousPassword (CryptoCore / Sapphire Sleet / UNC1069). Ernst & Young forensic report confirms private key leak as root cause.