Garden Finance, a cross-chain crypto platform, has come under intense scrutiny after an independent investigation claimed that a substantial portion of its activity is tied to stolen assets. Blockchain analyst ZachXBT reported that more than one-quarter of the platform’s overall transaction volume was linked to illicit funds, a finding that surfaced shortly after the platform suffered a major exploit exceeding $10 million. The incident, which affected several blockchain networks, has escalated concerns regarding Garden Finance’s security posture and its alleged involvement in laundering cybercrime proceeds.
The breach prompted speculation that the platform was already operating in a high-risk environment, given its reported history of processing funds connected to prominent hacks. The investigator cited the Bybit attack and the Swissborg breach as examples of hacks whose proceeds were routed through Garden Finance. Although the project has not issued an official response, it was reported that a 10% white-hat bounty was offered to the attacker in hopes of recovering some of the stolen assets.
Tornado is the only one of these three that passes my test of being decentralized so the devs have my support (tech continued operating just fine after sanctions / their arrests)
Thorchain has a larger organic userbase than Garden.
Garden raised the swap limit to 10 BTC…
— ZachXBT (@zachxbt) October 28, 2025
Allegations of Facilitating Illicit Operations
The claims against Garden Finance extend beyond a single exploit. Days before the attack, the platform had already been criticized for ignoring refund requests from users who lost funds in earlier incidents. The analyst suggested that a considerable share of Garden’s revenue was derived from the handling of illicit funds, and the criticism was aimed in part at co-founder Jaz Gulati, who was said to have previously promoted the platform’s growth without acknowledging rising misconduct allegations.
Garden Finance’s operational lineage traces back to Ren Protocol, a cross-chain bridge that once enabled large Bitcoin transfers. Ren was acquired by Alameda Research in 2021 but was later discontinued following the collapse of FTX. According to the latest findings, both Ren and Garden Finance were used as channels for laundering digital assets valued at more than $540 million over time. A significant portion of those funds was reportedly tied to North Korean cyber operations.
Ren Protocol and Garden Finance are linked to over $540M laundered
ZachXBT calls both “money washing machines”
The reality is even worse:
2017: the beginning
• founded in Australia as Republic Protocol by Taiyang Zhang, Loong Wang, and Jaz Gulati
• promised “private… pic.twitter.com/2PhIdqhj3L
— StarPlatinum (@StarPlatinumSOL) October 28, 2025
Links to State-Sponsored Hacking Groups
Additional investigation suggested that over three-quarters of Garden Finance’s total volume originated from stolen funds, many of which were linked to North Korean hacking groups. These funds were allegedly funneled through the platform to support state programs, including weapons development, by converting stolen Ethereum into Bitcoin. The findings place Garden Finance in the spotlight as a suspected conduit for one of the most active cyber-theft operations in the world.
Pressure Builds for Transparency and Reform
The growing list of accusations has intensified regulatory and community pressure on the platform to respond publicly and implement corrective measures. Critics argue that Garden Finance has failed to demonstrate adequate internal controls or sufficient screening systems to block illicit transactions. The unresolved exploit, the lack of user refunds, and the alleged long-term role in laundering cybercrime proceeds have collectively fueled calls for external oversight and stricter compliance obligations.
With scrutiny mounting from both analysts and affected users, Garden Finance is expected to face ongoing demands to disclose its internal processes, bolster security practices, and address allegations that it knowingly profited from criminal activity.
