Catenaa, Saturday, February 07, 2026-Garden Finance said an independent forensic investigation found that an October 2025 security incident was limited to a third party solver and did not affect the protocol or user funds.
The incident occurred on Oct. 30, 2025, when an attacker gained unauthorized access to the operating environment of one of Garden’s largest independent solvers. The breach resulted in the loss of about $11.4 million in crypto assets belonging to the solver across multiple blockchain networks, according to the company.
Garden said it engaged Ernst & Young to conduct a forensic review. The investigation confirmed unauthorized access to the solver’s infrastructure, with SSH authentication logs showing suspicious connections from four IP addresses with indicative locations in Japan and China on the day of the incident.
Because Garden operates as a non custodial protocol with solvers architecturally separated from users, the company said the core protocol remained unaffected and no user assets were exposed or placed at risk.
In parallel, Garden worked with web3 security firm zeroShadow to analyze on-chain activity following the breach. zeroShadow said the incident likely originated from a leaked private key on a compromised device and that laundering patterns were consistent with attacks previously attributed to the North Korea linked threat actor known as DangerousPassword.
After detecting the breach, Garden said it activated its incident response procedures, issued an on-chain whitehat bounty on behalf of the affected solver and reported the matter to local law enforcement. Investigations remain ongoing.
Garden said it has since strengthened security across its solver network, including reducing public infrastructure exposure, adding solver redundancy, expanding third party security reviews and appointing a chief information security officer.
