Yesterday’s $11 million hack of Bitcoin (BTC) Bridge Garden received little sympathy from the crypto community following allegations that it profited from the proceeds of other hacks.
While acknowledging the incident, the team maintained that the protocol itself had not been hacked. Instead, one of its “solvers” was compromised and the losses were “limited to the solver’s own inventory.”
However, on-chain evidence shows that the solver was run by the Garden team, and blockchain researchers have accused the team of trying to “downplay the incident” to appear “decentralized.”
read more: DeFi projects come under criticism due to soaring TVL prices and opaque financing loops
According to Garden’s documentation, Solver acts as a market maker, facilitating the bridging of BTC and its wrapped varieties across chains. One of these solvers may have had its private key compromised.
The resulting losses totaled approximately $11 million across Ethereum, BSC, and Solana.
ZeroShadow researcher Tanuki42 believes the attack was carried out by a “North Korea-affiliated group known as DangerousPassword.” They identified more than $2 million in losses at Solana as a result of last month’s $41 million hack against Swissborg.
read more: DeFi security researcher involved in $50 million Radiant Capital hack
As for the identity of the solver that the team claims is not theirs, Tanuki42 and fellow blockchain researcher ZachXBT point to on-chain links that suggest otherwise.
“Going back to the first gas fund,” Tanuki42 connected the compromised solver to REN and Keeper DAO addresses and shared team members with Garden.
Meanwhile, ZachXBT highlighted an on-chain message that appears to have been sent by Garden’s deployer stating that “our system has been compromised.”
The message urges the exploiters to return the funds and keep the 10% bounty.
Garden facing Zaharash
Commentators were quick to label the incident “karma” given that Garden had been consistently criticized by both investigators.
Two days before the hack, ZachXBT responded to Garden’s founder celebrating the $2 billion trading volume milestone, saying, “I sincerely hope the government puts your team in jail because over 25% of the funds bridged are stolen funds.”
He also pointed out in June that Garden’s founders “conveniently excluded more than 80% of fees from Chinese launderers who moved Lazarus Group funds from the Bybit hack.”
“We are watching in real time as a single entity continues to replenish cbBTC liquidity for launderers,” he explains.
Following yesterday’s hack, zachxbt.eth sent an on-chain message advising abusers to think twice about Garden’s bounty offer.
read more: Cryptocurrency has become Kim Jong Un’s lifeline and Russia’s secret weapon
Tanuki42 also said, “I’m tired of DeFi protocols changing record amounts even though the majority of the usage is due to illegal activities.”
Referring to a recent Multilateral Sanctions Monitoring Team report, they charge that the project, which does nothing against such activities, is “indirectly enabling North Korea to purchase the weapons that Russia is using to kill Ukrainians.”
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
