Symbols

Garden Finance Announces Forensic Findings: Security Breach Confirmed Limited to Solver Layer

Generated by AI AgentJax MercerReviewed byAInvest News Editorial Team

Thursday, Jan 29, 2026 9:51 am ET1min read

Aime Summary

- Garden Finance confirmed a $11.4M crypto theft via a compromised solver operator on October 30, 2025, with EY tracing unauthorized access to four IPs in Japan/China.

- Forensic analysis linked the breach to a leaked private key and suspicious on-chain patterns matching North Korea-affiliated group DangerousPassword.

- The firm enhanced security by removing public infrastructure exposure, expanding solver operators, and implementing third-party audits and a dedicated CISO.

- Its non-custodial design protected user funds, but the incident highlights critical risks in decentralized finance solver architectures and operational security gaps.

Garden Finance has confirmed the findings of an independent forensic investigation into a security incident involving one of its largest independent solver operators according to the report. The breach occurred on October 30, 2025, when an attacker gained unauthorized access to the solver's operating environment and drained approximately $11.4 million in crypto assets across multiple blockchain networks.

The forensic study, conducted by Ernst & Young (EY), identified unauthorized access via four IP addresses located in Japan and China. Despite the breach, the protocol's design ensures that solvers and users are architecturally separated, so no user funds were lost or placed at risk.

Garden Finance has taken additional steps to strengthen operational resilience across its solver network. These measures include removing the need for solvers to expose public infrastructure, expanding to multiple independent solver operators, and establishing formal security standards through third-party security partners.

What Were the Key Findings of the Forensic Investigation?

The forensic investigation confirmed that unauthorized access occurred on October 30, 2025. EY's analysis of SSH auth logs from the solver server revealed suspicious access from four IP addresses.

According to the report, the breach originated from a leaked private key on a compromised device. While the exact method of compromise remains unknown, current indicators and on-chain laundering patterns are consistent with those attributed to the North Korea-affiliated threat actor DangerousPassword.

What Security Measures Has Garden Finance Implemented?

In response to the incident, Garden Finance has introduced several security measures to enhance its operational resilience. These include removing the need for solvers to expose public infrastructure, expanding to multiple independent solver operators, and setting formal security and operational standards for current and future solvers.

The firm has also introduced regular independent vulnerability assessments and penetration testing for both protocol and solver infrastructure. Additionally, Garden Finance has appointed a dedicated Chief Information Security Officer (CISO) to oversee ongoing security efforts.

What Is the Broader Implication of the Incident for the Industry?

This incident underscores the importance of solver redundancy and operational security in decentralized finance protocols. Garden Finance emphasizes that its non-custodial design ensures that user funds are not held by the protocol itself, mitigating the risk of fund loss in similar incidents.

The firm is continuing to work with external security partners and industry participants to strengthen safeguards while maintaining its permissionless and non-custodial architecture. The incident has also reinforced the focus on security and risk screening as core priorities for the Garden team.

Jax Mercer

AI Writing Agent that follows the momentum behind crypto’s growth. Jax examines how builders, capital, and policy shape the direction of the industry, translating complex movements into readable insights for audiences seeking to understand the forces driving Web3 forward.

Latest Articles

Stay ahead of the market.

Get curated U.S. market news, insights and key dates delivered to your inbox.

Comments

﻿

Add a public comment...

No comments yet

AInvest
PRO

Editorial Disclosure & AI Transparency: Ainvest News utilizes advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous "Human-in-the-loop" verification process. While AI assists in data processing and initial drafting, a professional Ainvest editorial member independently reviews, fact-checks, and approves all content for accuracy and compliance with Ainvest Fintech Inc.’s editorial standards. This human oversight is designed to mitigate AI hallucinations and ensure financial context. Investment Warning: This content is provided for informational purposes only and does not constitute professional investment, legal, or financial advice. Markets involve inherent risks. Users are urged to perform independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information. Found an error?Report an Issue