Road Town, British Virgin Islands, January 29th, 2026, Chainwire

Garden Finance announced the findings of an independent forensic investigation into a security incident that occurred on October 30, 2025, involving one of its largest independent solver operators.

The incident occurred when an attacker gained unauthorized access to the solver’s operating environment and drained approximately $11.4 million in crypto assets belonging to the solver across multiple blockchain networks.

Garden engaged Ernst & Young (EY) for a forensic study, which confirmed unauthorized access to the solver's infrastructure. EY stated in its forensic findings that examination of SSH auth logs from the solver server indicated suspicious access on 30th October 2025 from four IP addresses with indicative locations in Japan and China.

Garden is a non-custodial protocol in which solvers are architecturally separated from users. As a result of this design, while the solver’s operating environment was compromised, the protocol itself remained unaffected, and no user funds were lost or placed at risk.

In parallel with the forensic review, Garden partnered with zeroShadow, a web3 security and incident response firm, to analyze on-chain activity related to the incident. zeroShadow’s assessment focused on fund movement and laundering behavior observed after the compromise.

According to zeroShadow, the incident originated from a leaked private key on a compromised device. While the exact method of compromise is still unknown, current indicators and on-chain laundering patterns are consistent with those of other attacks attributed to the North Korea-affiliated threat actor DangerousPassword (aka CryptoCore, Sapphire Sleet, UNC1069).

Following detection of the breach, Garden activated its incident response procedures, issued an on-chain whitehat bounty on behalf of the solver, and reported the incident to the local law enforcement authorities. Investigations remain ongoing.

In response to the incident, Garden has taken additional steps to strengthen operational resilience across its solver network. These actions include removing the need for solvers to expose public infrastructure, expanding to multiple independent solver operators to create greater network resilience, and establishing formal security and operational standards for current and future solvers through third-party security partners. Garden has also introduced regular independent vulnerability assessment and penetration testing (VAPT) across both protocol and solver infrastructure and appointed a dedicated CISO to oversee ongoing security efforts.

“This incident reinforced the importance of solver redundancy for the protocol,” said Susruth Nadimpalli, Garden Finance. “It also reinforced our focus on security and risk screening as core priorities for the Garden team.”

Garden Finance will continue collaborating with external security partners and industry participants to strengthen safeguards, while preserving its permissionless and non-custodial design.

About Garden Finance

Garden Finance is building next-generation Bitcoin interoperability through an intent-based architecture with trustless settlement. The protocol enables non-custodial, cross-chain Bitcoin swaps in as little as 30 seconds, without custody risk, through a network of independent solvers.

A detailed incident report outlining the forensic findings is available here.

Contact

Koushik Maturi
Garden Finance
koushik@garden.finance

Disclaimer: Press release sponsored by our commercial partners.
