Garden Finance suffers $11M hack as compromised solver drains funds

Published: 2026-05-18 06:21:06 |

Garden Finance, a cross-chain bridge, reported an approximately $11M loss after an attacker exploited its market-maker infrastructure via a compromised solver. The team says user funds were reportedly unaffected, suggesting the vulnerability was isolated to the protocol’s operational/solving layer rather than deposited assets. Garden Finance has offered a 10% bounty for the return of the stolen funds and is seeking to understand the exploit’s root cause. Security researchers also questioned whether the “compromised solver” was truly an independent third party or connected to Garden’s internal infrastructure—an important distinction because it could point to key management or operational security failures inside the bridge. The incident underlines recurring risks across cross-chain bridges: many designs rely on centralized relayers or small trusted sets for message verification, creating single points of failure if keys or operators are compromised. Garden Finance’s hack also came around the same time as other bridge incidents, including Ronin Bridge’s $11.33M withdrawal attributed to an MEV bot, and Wormhole’s separate $322M exploit. For traders, the Garden Finance hack reinforces the market narrative that bridge-level infrastructure risk can reprice sentiment quickly. Continued investigations, bounty terms, and any confirmation about whether Garden Finance’s solver control was internal could affect short-term risk appetite toward bridge tokens and DeFi cross-chain activity.

Bearish

This is bearish because it adds another high-value failure case to the cross-chain bridge “trusted infrastructure” model. Garden Finance’s $11M loss highlights that even if user deposits remain safe, compromise of the bridge’s operational layer (solver/market-maker infrastructure) can still drain protocol funds. Similar patterns were seen in Ronin Bridge, where $11.33M was reportedly withdrawn via an MEV bot, and in Wormhole’s separate $322M exploit—both reinforced that bridges are vulnerable to key/operator compromise and off-chain/on-chain trust mismatches. Short-term, traders may reduce exposure to bridge and cross-chain DeFi risk until clarity emerges on (1) whether the compromised solver was third-party or Garden Finance-controlled, and (2) the exact key management/operational failure. The 10% bounty can partially stabilize sentiment, but it also signals an active, uncertain incident response. Long-term, repeated bridge incidents tend to compress risk appetite and can shift capital toward better-isolated architectures (e.g., stronger decentralization of verification/relaying, improved key hygiene, or reduced reliance on small trusted sets). If Garden Finance’s investigation confirms internal security lapses, market confidence in that protocol and peer systems typically weakens further, keeping a cautious tone for related sectors.