Crypto bridge Garden Finance suffers $11M hack via compromised solver

Crypto bridge Garden Finance lost about $11 million after one of its solvers was compromised. Garden says user funds were not touched. Good, assuming that holds. My take: the uncomfortable risk here is not the part traders can see on-chain. It is the machinery behind the trade.

Garden Finance said the attacker drained roughly $11 million from the protocol through a compromised solver. The team has offered a 10% bounty for the stolen funds and is asking for help working out how the exploit happened. That second part matters more than it sounds.

Bridge failures matter for BTC and ETH traders because cross-chain liquidity depends on off-chain relayers, solvers, smart contracts, and key custody working as expected. Most bridge explainers focus on smart contracts. That is only half right. If one operational layer fails, traders often get defensive before the postmortem is even written.

The attack hit Garden Finance’s solver, the market maker system that helps process cross-chain transactions. Solvers sit between blockchains and handle trade matching and execution. Garden Finance says user funds were not affected, so this appears to be an operating-layer failure rather than a customer-deposit failure. Important distinction. Not a comforting one.

Security researchers are asking a basic question: was the compromised solver an outside party, or was it part of Garden Finance’s own setup? Why does this matter? Because an external solver points to vendor or counterparty exposure, while an internal solver points toward key management, permissions, monitoring, or protocol operations.

The incident puts more pressure on crypto bridges, which already sit in an uneasy place between DeFi infrastructure and semi-custodial market plumbing. I’ll be honest: “user funds are safe” is not the full story when $11 million still leaves through a trusted execution layer. Regulators do not need a perfect argument here. They just need one obvious weak spot.

For COIN, ETH, and BTC market structure, that distinction matters. Exchanges and custodians sell institutions a controlled route into crypto. DeFi protocols sell speed and composability. They also sell always-on liquidity. Counter to the usual DeFi pitch, every bridge exploit makes regulated venues look less boring and more useful.

The source does not report any BTC, ETH, or COIN price move tied directly to the Garden Finance exploit. So the market angle is not an invented candle or a made-up percentage move. It is a risk premium issue. In plain terms: traders may start charging more mental tax for wrapped liquidity, cross-chain routing, and solver-based execution.

The adoption signal is negative but pretty plain: bridges are supposed to make crypto less fragmented. They let assets move between blockchains so traders can chase yield or better execution. Is this just infrastructure noise? No. Users may trust Bitcoin or Ethereum and still hesitate when the route requires trusting the bridge.

The Garden Finance exploit landed around the same time as another bridge incident involving Ronin Bridge, where a Maximal Extractable Value bot withdrew $11.33 million. Sky Mavis, the company behind Ronin, said core bridge reserves stayed safe. That is usually question one after a bridge incident: are the reserves still there?

Ronin already has a brutal history, including a $620 million theft linked to North Korean hackers. Wormhole had its own $322 million exploit. Those numbers do not fade quickly. We have seen this pattern before: one bridge hack becomes a fresh reminder of every old bridge hack.

For traders, the lesson is simple and irritating: every bridge transaction is a bet that the off-chain systems, keys, and smart contracts all behave under pressure. That is a lot to trust for one transaction. Too much, frankly, if you are trying to size exposure fast.

Garden Finance’s 10% bounty is meant to recover the stolen funds. But the team’s request for help understanding the root cause suggests they are still piecing together what happened. Yes, that may contradict the calmer “contained damage” framing above. Bear with me: contained losses can still create uncontained uncertainty.

What this means

Bridge risk is still one of crypto’s messiest structural problems. For ETH liquidity, BTC routed through wrapped assets, and solver-based cross-chain protocols, this is not just a chart issue. It is about trust under stress. Garden Finance lost about $11 million. Ronin and Wormhole show traders the ugly end of the loss curve: $620 million and $322 million. That sticks.

Watch Garden Finance’s next disclosures on the exploit’s root cause, any movement on the 10% bounty, and whether researchers confirm if the solver was outside infrastructure or part of Garden’s own system. On market screens, watch ETH and BTC liquidity around cross-chain protocols, COIN as a proxy for regulated venues, and the next FOMC date on June 17, 2026. My take: if risk appetite tightens, DeFi security shocks do not need to be huge to move behavior fast.