Security

Cross-Chain Protocol Drained via Compromised Third-Party Solver Infrastructure

The cross-chain solver compromise exposed critical off-chain dependency risk, resulting in a multi-chain liquidity drain exceeding $10 million.
November 12, 20253 min

A high-resolution image displays a white and blue modular electronic component, featuring a central processing unit CPU or an Application-Specific Integrated Circuit ASIC embedded within its structure. The component is connected to a larger, blurred system of similar design, emphasizing its role as an integral part of a complex technological setup
A futuristic spherical mechanism, partially open, reveals an intricate internal process with distinct white and blue elements. The left side displays a dense aggregation of white, granular material, transitioning dynamically into a vibrant formation of sharp, blue crystalline structures on the right, all contained within a metallic, paneled shell

Briefing

The cross-chain protocol Garden Finance suffered a sophisticated multi-chain exploit, resulting in the theft of approximately $10.8 million in wrapped assets and stablecoins. The primary consequence was the immediate drain of liquidity pools across Arbitrum, Ethereum, and Solana, enabling the attacker to convert funds into unfreezable ETH and subsequently launder them via Tornado Cash. This incident highlights a critical failure in operational security, specifically the compromise of a third-party solver’s infrastructure or its associated private keys.

The image displays a white, soft, arched form resting on a jagged, dark blue rocky mass, which is partially submerged in calm, rippling blue water. Behind these elements, two angled, reflective blue planes stand, with a metallic sphere positioned between them, reflecting the surrounding forms and appearing textured with white granular material

Context

The prevailing risk for cross-chain protocols remains the centralization of key operational components, such as off-chain solvers or bridge relayers, which hold liquidity outside of the core smart contract’s immutable logic. This incident leveraged the inherent security brittleness of hybrid CeDeFi models, where the core smart contracts rely on the integrity of opaque, centralized web2 infrastructure for transaction execution. Furthermore, the protocol’s documented history of processing illicit funds from major prior hacks indicated a pre-existing, low-security posture and weak internal controls.

The image presents an intricate arrangement of deep blue modular blocks and metallic silver components, featuring a prominent central core with exposed blue and silver wiring. This complex structure exhibits a highly organized, futuristic mechanical aesthetic, suggesting a sophisticated functional system

Analysis

The attack vector was a compromise of a single, third-party “solver” responsible for executing cross-chain atomic swaps. This solver, which held its own liquidity to facilitate fast transactions, was compromised at the infrastructure or credential level, not through a core smart contract logic flaw. The attacker gained unauthorized access to the solver’s funds, initiating internal withdrawal operations to drain WBTC, USDC, and USDT from the protocol’s multi-chain liquidity pools. The immediate, coordinated conversion of assets into ETH and subsequent movement of $6.65 million to a privacy mixer was the final stage of the attacker’s kill chain.

A transparent, intricately designed casing encloses a dynamic blue liquid filled with numerous small, sparkling bubbles. Within this active fluid, a precise metallic and dark mechanical component is visible, suggesting a sophisticated internal operation

Parameters

  • Total Loss → $10.8 Million – Final revised estimate of stolen assets across all affected chains.
  • Vulnerable Component → Third-Party Solver – The compromised off-chain infrastructure responsible for cross-chain liquidity.
  • Affected Chains → Arbitrum, Ethereum, Solana – The primary blockchain networks from which assets were drained.
  • Token Price Impact → 64% Plunge – The immediate drop in the native SEED token value following the exploit and subsequent market sell-off.

A meticulously engineered device showcases an exposed internal mechanism with intricate metallic gears, plates, and springs, set against a clean white background. Bright blue interwoven strands encase the core, providing a striking visual contrast to the polished silver and vibrant blue internal components

Outlook

Protocols utilizing off-chain solvers or centralized relayers must immediately implement multi-signature controls and robust, real-time intrusion detection systems for their operational infrastructure. The incident reinforces the contagion risk associated with opaque third-party dependencies, demanding that all connected DeFi platforms audit their exposure to such hybrid components. This event will likely establish a new security best practice requiring all cross-chain infrastructure to adopt verifiable Proof-of-Reserve (PoR) and fully decentralized key management.

A white spherical object with embedded metallic and blue modular elements floats centrally, surrounded by blurred blue crystalline polygons and white spheres. The sphere's exposed internal structure suggests a complex, interconnected system, reminiscent of a sophisticated blockchain node

Verdict

This $10.8 million compromise is a definitive case study demonstrating that off-chain operational security failures are the new critical vulnerability for multi-chain DeFi architecture.

cross chain bridge, third party risk, solver infrastructure, liquidity pool drain, multi chain exploit, off chain vulnerability, illicit fund flow, asset laundering, wrapped assets, stablecoin theft, smart contract dependency, security posture, white hat bounty, token price crash, decentralized exchange, atomic swap, on chain forensics, private key compromise, operational security Signal Acquired from → ambcrypto.com

Micro Crypto News Feeds

cross-chain protocol

Definition ∞ A cross-chain protocol enables communication and asset transfer between different blockchains.

security posture

Definition ∞ A security posture describes the overall state of an organization's cybersecurity defenses and its readiness to counter threats.

multi-chain liquidity

Definition ∞ Multi-chain liquidity refers to the availability of assets and trading pairs across various independent blockchain networks.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

infrastructure

Definition ∞ Infrastructure refers to the fundamental technological architecture and systems that support the operation and growth of blockchain networks and digital asset services.

token price

Definition ∞ Token price represents the current market value of a specific digital asset, typically denominated in a base currency like USD or another cryptocurrency.

decentralized

Definition ∞ Decentralized describes a system or organization that is not controlled by a single central authority.

operational security

Definition ∞ Operational security, often abbreviated as OpSec, is a process that involves protecting sensitive information from adversaries.

Tags:

Tags: