Highlights:
- Garden Finance faces allegations of handling stolen cryptocurrency connected to North Korea’s Lazarus Group.
- The investigator claims over 80% of the platform’s fees came from illegal laundering activity.
- Garden Finance denies allegations, but decentralization is questioned due to single-source liquidity control.
On Friday, blockchain security researcher ZachXBT accused Garden Finance, a decentralized finance platform, of processing illicit funds linked to North Korea’s Lazarus Group. This allegation followed a post by Garden’s co-founder Jaz Gulati on X, where he shared a screenshot of the platform’s Dune Analytics dashboard showing $300,000 in fees earned within 12 days.
Advertisement
The Dune dashboard showed that by June 19, Garden Finance had handled 24,984 BTC in total volume. The total volume reached approximately $1.5 billion in USD through over 40,000 atomic swaps. The largest individual swap was 10 BTC, with total fees collected amounting to 40.11 BTC. ZachXBT responded by claiming that over 80% of Garden Finance’s recent fee revenue originated from illicit transactions allegedly linked to North Korea’s Lazarus Group.
ZachXBT retorted:
“You conveniently left out >80% of your fees came from Chinese launderers moving Lazarus Group funds from the Bybit hack. Who are you building for again?”
Garden Finance Founder Denies Allegations
Garden Finance founder Jaz Gulati rejected the accusations and said the platform earned 30 BTC in fees before the Bybit hack. He called the criticism false and said the “fake decentralized” claim has no basis. The platform says it allows cross-chain swaps in 30 seconds with no custody risk.
this is great analysis since 30 BTC fees came before the hack even happened pic.twitter.com/C6A5F3BLsd
— Jaz 🌸 (@jzgulati) June 21, 2025
The blockchain investigator added that he hadn’t even brought up funds from other North Korean hacks, like WazirX, and criticized the DeFi protocol for not detecting the hackers’ transactions.
And I did not even mention all of the other DPRK hacks yet like WazirX?
Imagine founding a fake decentralized bridge and not being able to read the blockchain to analyze such flows
— ZachXBT (@zachxbt) June 21, 2025
On February 21, Bybit was hacked when attackers accessed its cold wallet. They stole nearly $1.5 billion in Ethereum after targeting a developer connected to SAFE Wallet, a tool used by Bybit users, just five days before the hack. Blockchain expert ZachXBT tracked the stolen funds moving through DeFi bridges to groups linked to Lazarus. Gulati dismissed these claims, saying the analyst was relying on incorrect information.
ZachXBT Questions Garden Finance’s Decentralization
ZachXBT claimed that one person kept adding cbBTC liquidity from Coinbase over several days, supporting illegal transactions. He questioned how they could call Garden Finance decentralized when a single actor controlled the liquidity.
ZachXBT said:
“Explain how it is ‘decentralized’ when I watched in real time for multiple days as a single entity kept topping up liquidity from Coinbase for the Chinese launderers as they continued moving Bybit funds?”
In his claims against Gulati, ZachXBT mentioned the July 18 hack of WazirX, an Indian cryptocurrency exchange. The Lazarus Group reportedly stole more than $230 million in that attack. The hackers exploited fake smart contract signatures to overcome WazirX’s multisignature wallet defenses and quickly drained the funds in under an hour. Similar to the Bybit breach, authorities connected this attack to North Korea’s Lazarus Group.
eToro Platform
Best Crypto Exchange
- Over 90 top cryptos to trade
- Regulated by top-tier entities
- User-friendly trading app
- 30+ million users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Advertisement
