Skip to main content
Sign in
Garden Finance1 decision on this page

Audit log

Every state-changing event for Garden Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 00:20:40Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,660,367
    sig
    4vwXtytkNwsR…LVzThj61explorer ↗
    hash
    DfzdYRu4kzy2…3kPtq8kbsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5516 B) ▸
    {"actor":"system:backfill","investigation_id":"a62827db-d820-4e40-8d32-f25bf58e43f6","kind":"publish","page_slug":"garden-finance","published_at":"2026-05-19T00:20:40.477Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Garden Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Garden Finance is a cross-chain Bitcoin bridge protocol launched in 2023 by former Ren Protocol developers, using Hash Time Locked Contracts (HTLCs) and an intents-based solver network to enable atomic swaps across Ethereum, Solana, Arbitrum, Base, and other chains. On October 30–31, 2025, one of its largest solver operators was compromised via a leaked private key, resulting in approximately $11.4 million in stolen assets that were subsequently laundered through Tornado Cash. Prior to the exploit, blockchain investigator ZachXBT alleged that over 80% of the protocol's recent fee revenue was derived from laundering funds stolen in the February 2025 Bybit hack, which the Lazarus Group (DPRK) perpetrated for approximately $1.4 billion.","timeline":[{"date":"2017-01-01","event":"Jaz Gulati, Susruth Nadimpalli, Taiyang Zhang, and Loong Wang co-found Republic Protocol (later rebranded Ren Protocol) in Australia, raising approximately $67 million.","source":"","source_url":"https://www.theregister.com/2025/10/31/attackers_dig_up_11m_in/"},{"date":"2021-01-01","event":"Alameda Research acquires Ren Protocol.","source":"","source_url":"https://finance.yahoo.com/news/25-garden-finance-funds-linked-175501426.html"},{"date":"2022-11-01","event":"FTX and Alameda Research collapse; Ren Protocol shuts down, stranding approximately $12 million in user Bitcoin.","source":"","source_url":"https://finance.yahoo.com/news/25-garden-finance-funds-linked-175501426.html"},{"date":"2023-01-01","event":"Jaz Gulati and Susruth Nadimpalli launch Garden Finance as a decentralized HTLC-based Bitcoin bridge, positioning it as a successor to Ren Protocol.","source":"","source_url":"https://renproject.io/"},{"date":"2025-02-21","event":"Bybit exchange is hacked by North Korea's Lazarus Group via multi-signature authentication exploitation; approximately 401,347 ETH (~$1.4 billion) is stolen.","source":"","source_url":"https://www.cryptotimes.io/2025/06/21/zachxbt-claims-garden-finances-illicit-role-in-laundering-1-4b-bybit-hack-funds/"},{"date":"2025-06-21","event":"ZachXBT publishes on-chain investigation alleging that over 80% of Garden Finance's recent fee revenue was derived from laundering Bybit hack proceeds linked to Lazarus Group, and that 16 wallets connected to the hack executed synchronized transactions through the protocol.","source":"","source_url":"https://www.cryptotimes.io/2025/06/21/zachxbt-claims-garden-finances-illicit-role-in-laundering-1-4b-bybit-hack-funds/"},{"date":"2025-06-21","event":"Garden Finance co-founder Jaz Gulati publicly disputes ZachXBT's laundering allegations, claiming 30 BTC in fees were collected prior to the Bybit hack and citing integration of screening tools.","source":"","source_url":"https://www.bitdegree.org/crypto/news/zachxbt-claims-80-of-garden-finance-fees-tied-to-stolen-bitcoin"},{"date":"2025-10-30","event":"Garden Finance's largest independent solver operator is compromised via a private key leak. SSH logs show suspicious access from IP addresses located in Japan and China. The attacker begins draining solver assets across Ethereum, Solana, Arbitrum, and BNB Chain.","source":"","source_url":"https://decrypt.co/356301/garden-finance-shares-forensic-findings-security-breach-limited-to-solver-layer"},{"date":"2025-10-31","event":"Garden Finance publicly acknowledges the breach, offers a 10% white-hat bounty to the attacker for return of funds and exploit disclosure. Protocol goes offline. ZachXBT notes that the on-chain message to the attacker originated from a Garden team deployer address.","source":"","source_url":"https://www.theregister.com/2025/10/31/attackers_dig_up_11m_in/"},{"date":"2025-10-31","event":"Total losses estimated at approximately $5.5 million in initial reports; later revised upward to approximately $10.8–$11.4 million across multiple chains. Stolen tokens include wETH, WBTC, cbBTC, LBTC, and SEED.","source":"","source_url":"https://www.halborn.com/blog/post/month-in-review-top-defi-hacks-of-october-2025"},{"date":"2025-11-01","event":"Security firm CertiK reports that the exploiter transferred approximately $6.65 million (501 BNB and 1,910 ETH) to Tornado Cash. Approximately $1.8 million in SOL and $500K in EVM funds remain in attacker-controlled addresses.","source":"","source_url":"https://ambcrypto.com/garden-finance-exploiter-moves-6-65m-to-tornado-cash-after-10-8m-hack/"},{"date":"2025-11-01","event":"zeroShadow security analysts assess that on-chain laundering patterns from the exploit are consistent with North Korea-affiliated threat actor DangerousPassword (CryptoCore / Sapphire Sleet / UNC1069). Ernst & Young forensic report confirms private key leak as root cause.","source":"","source_url":"https://decrypt.co/356301/garden-finance-shares-forensic-findings-security-breach-limited-to-solver-layer"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision a981daa5-71f6-4a84-ad7d-681ad66df939
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.