A cryptocurrency platform designed to move bitcoin across blockchains has suffered a major security breach, losing roughly $11 million in digital assets. The service, known as Garden, allows bitcoin to be traded and transferred between different networks using a cross-chain bridge.
According to Garden’s co-founder Jaz Gulati, the breach affected one of the platform’s “solvers,” an automated component responsible for liquidity and pricing operations. Gulati said that the main protocol remained intact and that no customer funds were directly impacted. He confirmed that Garden is working with security partners to trace the stolen funds and strengthen internal controls.
Blockchain investigator ZachXBT was the first to identify the exploit on-chain. He reported that one of Garden’s wallets appeared to have been compromised and that the project later sent a message to the attacker, offering a 10 percent bounty if the stolen assets were returned. Analysts at the security firm Cyvers said the funds were quickly moved through several transactions and converted into other cryptocurrencies, including stablecoins and wrapped bitcoin, before being swapped for ether.
The incident occurred only days after Garden announced it had surpassed a multi-billion-dollar milestone in total value locked. The timing has intensified scrutiny because the project had previously been flagged for facilitating money-laundering activity tied to North Korean-linked operators. While no evidence links the recent exploit to those allegations, it adds to growing concerns over security in the cross-chain bridging sector.
Cross-chain bridges are critical infrastructure in decentralised finance, allowing digital assets to move between blockchains. They also represent one of the most targeted categories in cryptocurrency attacks. When a single bridge is compromised, attackers can often access large pools of capital stored within smart contracts. Security researchers have repeatedly warned that the design complexity of these systems leaves multiple potential entry points for hackers.
In this case, investigators say the weakness likely stemmed from the solver component rather than the protocol’s core smart contracts. Even so, the incident raises doubts about how isolated Garden’s modules truly are. Industry analysts note that while Garden claims customer funds were unaffected, the ability to compromise a system module still suggests insufficient segmentation or oversight.
The exploit has revived discussion about transparency among decentralised projects. Garden’s initial statements have been criticised for lacking technical detail about how the breach occurred or what specific vulnerabilities were exploited. Some investors are urging the company to commission an independent audit and publish its findings. Others have questioned whether platforms with prior compliance controversies should handle such high volumes of capital without stricter external monitoring.
For the wider cryptocurrency industry, the breach highlights two persistent challenges: weak operational security in smaller protocols and growing attention from regulators tracking illicit finance. Cross-chain bridges have increasingly become tools for moving stolen or sanctioned funds across jurisdictions, prompting financial crime watchdogs to call for closer supervision of these services.
If confirmed, the $11 million theft would add to a string of high-profile attacks on blockchain bridges this year. Previous incidents have targeted similar protocols handling wrapped bitcoin, ether, and stablecoin transfers, resulting in combined losses of hundreds of millions of dollars across the sector.
Garden said it is continuing to monitor affected wallets and will share updates as investigations progress. While no additional compromises have been reported, the incident underscores that even established projects remain vulnerable to targeted attacks against smaller components of their infrastructure.
The case serves as another warning to decentralised finance developers that operational risks extend far beyond core smart contracts. As cross-chain technology grows, so do its security challenges, making proactive monitoring and transparent disclosure key to maintaining trust in the ecosystem.