On-chain investigator ZachXBT has accused decentralized finance (DeFi) protocol Garden Finance of earning over 80% of its recent $300,000 in fees from laundering funds stolen in the record-breaking $1.4 billion Bybit hack.
The accusation, claimed on X earlier today, has gained notable attention from the crypto community, with it raising urgent questions about the integrity of decentralized platforms and their role in illicit financial flows.
The Bybit hack, which occurred on February 21, 2025, saw North Korean state-sponsored hackers from the Lazarus Group exploit vulnerabilities in Bybit’s multi-signature authentication process. The attackers reportedly siphoned off 401,347 Ethereum (ETH), valued at over $1.4 billion, using fraudulent approvals to bypass security measures.
Now replying to the claim by Garden Finance co-founder Jaz Gulati about $4 million in total fees, ZachXBT alleges that the majority of the protocol’s recent earnings stem from those illicit funds.
Garden Finance is a community-driven DeFi protocol designed to facilitate fast and secure cross-chain Bitcoin swaps, completing transactions in as little as 30 seconds. Built on an intents-based architecture with trustless settlements, it promises zero custody risk for users. The platform has processed over $1 billion in transaction volume and positioned itself as a leader in Bitcoin bridging. However, this recent association with illicit funds has cast a shadow over its reputation.
However, Jaz Gulati countered ZachXBT’s claims, asserting that 30 BTC in fees were collected before the hack, but the investigator doubled down, citing additional links to other DPRK-related hacks, including WazirX.
The exchange has since escalated into a public spat, with Gulati defending the protocol’s decentralized nature while critics label the situation as “dirty money finding dirty hands.”
As regulators worldwide eye tighter oversight of crypto, ZachXBT’s findings could prompt legal scrutiny. This revelation also raises questions about whether platforms facilitating such flows might be deemed accomplices.
Also read: CoinMarketCap Confirms Removal of Malicious Wallet Scam Popup
