Cross-Chain Protocol Drained via Compromised Third-Party Solver Infrastructure ∞ Security

The image displays an abstract composition of frosted, textured grey-white layers partially obscuring a vibrant, deep blue interior. Parallel lines and a distinct organic opening within the layers create a sense of depth and reveal the luminous blue

A polished metallic rod, angled across the frame, acts as a foundational element, conceptually representing a high-throughput blockchain network conduit. Adorned centrally is a complex, star-shaped component, featuring alternating reflective blue and textured white segments

Briefing

The cross-chain protocol Garden Finance suffered a sophisticated multi-chain exploit, resulting in the theft of approximately $10.8 million in wrapped assets and stablecoins. The primary consequence was the immediate drain of liquidity pools across Arbitrum, Ethereum, and Solana, enabling the attacker to convert funds into unfreezable ETH and subsequently launder them via Tornado Cash. This incident highlights a critical failure in operational security, specifically the compromise of a third-party solver’s infrastructure or its associated private keys.

A complex network of interwoven metallic silver and dark blue conduits forms a dense infrastructure, secured by clamps. At its core, a luminous, translucent blue cube, patterned with digital data and a prominent "0" symbol, glows brightly

Context

The prevailing risk for cross-chain protocols remains the centralization of key operational components, such as off-chain solvers or bridge relayers, which hold liquidity outside of the core smart contract’s immutable logic. This incident leveraged the inherent security brittleness of hybrid CeDeFi models, where the core smart contracts rely on the integrity of opaque, centralized web2 infrastructure for transaction execution. Furthermore, the protocol’s documented history of processing illicit funds from major prior hacks indicated a pre-existing, low-security posture and weak internal controls.

A central, glowing blue cylindrical mechanism, indicative of a high-performance cryptographic primitive or consensus engine, is securely embedded within a white, granular, and enveloping structure. Metallic components signify robust protocol architecture and smart contract execution

Analysis

The attack vector was a compromise of a single, third-party “solver” responsible for executing cross-chain atomic swaps. This solver, which held its own liquidity to facilitate fast transactions, was compromised at the infrastructure or credential level, not through a core smart contract logic flaw. The attacker gained unauthorized access to the solver’s funds, initiating internal withdrawal operations to drain WBTC, USDC, and USDT from the protocol’s multi-chain liquidity pools. The immediate, coordinated conversion of assets into ETH and subsequent movement of $6.65 million to a privacy mixer was the final stage of the attacker’s kill chain.

A white, high-tech module is shown partially separated, revealing glowing blue internal components and metallic rings. The detached front section features a circular opening, while the main body displays intricate, illuminated circuitry

Parameters

Total Loss ∞ $10.8 Million – Final revised estimate of stolen assets across all affected chains.
Vulnerable Component ∞ Third-Party Solver – The compromised off-chain infrastructure responsible for cross-chain liquidity.
Affected Chains ∞ Arbitrum, Ethereum, Solana – The primary blockchain networks from which assets were drained.
Token Price Impact ∞ 64% Plunge – The immediate drop in the native SEED token value following the exploit and subsequent market sell-off.

A striking blue crystalline structure, interspersed with clear, rectangular elements, emerges from a wavy, dark blue body of water under a light blue sky. White, foamy masses cling to the base and upper parts of the formation, suggesting dynamic interaction with the water

Outlook

Protocols utilizing off-chain solvers or centralized relayers must immediately implement multi-signature controls and robust, real-time intrusion detection systems for their operational infrastructure. The incident reinforces the contagion risk associated with opaque third-party dependencies, demanding that all connected DeFi platforms audit their exposure to such hybrid components. This event will likely establish a new security best practice requiring all cross-chain infrastructure to adopt verifiable Proof-of-Reserve (PoR) and fully decentralized key management.

A detailed, close-up view reveals a dense aggregation of abstract digital and mechanical components, predominantly in metallic silver and varying shades of deep blue. The foreground features a distinct silver cubic unit with a circular, layered mechanism, surrounded by a complex network of blue structural elements, interwoven wires, and illuminated data points

Verdict

This $10.8 million compromise is a definitive case study demonstrating that off-chain operational security failures are the new critical vulnerability for multi-chain DeFi architecture.

cross chain bridge, third party risk, solver infrastructure, liquidity pool drain, multi chain exploit, off chain vulnerability, illicit fund flow, asset laundering, wrapped assets, stablecoin theft, smart contract dependency, security posture, white hat bounty, token price crash, decentralized exchange, atomic swap, on chain forensics, private key compromise, operational security Signal Acquired from ∞ ambcrypto.com