On Friday, blockchain security sleuth ZachXBT accused Garden Finance, a DeFi platform, of accepting illicit funds linked to North Korea’s Lazarus Group. The claims came after co-founder Jaz Gulati posted a snapshot of Garden’s Dune Analytics dashboard on X, boasting that it had collected $300,000 in fees over 12 days. ZachXBT responded to the post, bashing Garden of supporting Chinese-based laundering operations that helped move funds stolen in the Bybit hack by the Lazarus Group. “ You conveniently left out >80% of your fees came from Chinese launderers moving Lazarus Group funds from the Bybit hack ,” he reckoned. “ Who are you building for again? ” Crypto security analyst questions dashboard data According to the Dune dashboard, as of June 19, Garden Finance had processed 24,984 BTC in total volume, equal to approximately $1.5 billion in USD value, through over 40,000 atomic swaps. The platform’s largest swap to date was 10 BTC, while total reported fees collected stood at 40.11 BTC. Responding to ZachXBT’s claims, Gulati argued that “30 BTC fees came before the hack even happened,” attaching a Discord screenshot dated October 24, 2024, showing roughly 30 BTC in fees. this is great analysis since 30 BTC fees came before the hack even happened pic.twitter.com/C6A5F3BLsd — Jaz 🌸 (@jzgulati) June 21, 2025 The on-chain sleuth noted that he hadn’t even mentioned funds from “other DPRK hacks yet, like WazirX,” bashing the DeFi protocol for failing to flag the hackers’ transactions. Bybit’s hack, which occurred on February 21, 2025, involved a breach of the exchange’s cold wallet. Nearly $1.5 billion in Ethereum was siphoned from user accounts after attackers compromised a developer working on SAFE Wallet, a platform used by Bybit customers, five days ahead of the exploit. Several analysts, including ZachXBT, traced the stolen funds to laundering networks operating through DeFi bridges to the Lazarus Group . Gulati lambasted the blockchain security analyst by saying he was speaking from a point of “misinformation.” ZachXBT then asked : “ Explain how it is ‘decentralized’ when I watched in real time for multiple days as a single entity kept topping up liquidity from Coinbase for the Chinese launderers as they continued moving Bybit funds? ” explain how it is “decentralized” when I watched in real time for multiple days as a single entity kept topping up cbBTC liquidity from Coinbase for the Chinese launderers as they continued moving Bybit funds? — ZachXBT (@zachxbt) June 21, 2025 The developer is yet to respond to the question. Who helped Lazarus in the $230 million WazirX hack? In his accusations against Gulati, ZachXBT talked about the attack on WazirX , an Indian crypto exchange, where the Lazarus Group reportedly stole more than $230 million in crypto. That hack, which took place on July 18, 2024, was executed through forged smart contract signatures used to bypass WazirX’s multisig wallet protections. Hackers drained funds within an hour of gaining access. Similar to the Bybit case, investigators traced the exploit to North Korea’s Lazarus Group. Authorities in Japan, the United States, and South Korea later issued a joint cybersecurity alert identifying similar tactics used across both attacks. The group reportedly used social engineering, phishing, TraderTraitor and AppleJeus malware to target developer workstations and compromise their infrastructure. Crypto stolen in both hacks was subsequently laundered across decentralized platforms, often using mixers to obscure transaction trails. Garden Finance’s dashboard shows there was a spike in Bitcoin swaps between May and June 2025, with individual daily volumes peaking near 90 transactions in wrapped Bitcoin assets. The chart lists swaps by chain-token combinations such as base-cbBTC, ethereum-WBTC, and arbitrum-WBTC, with base-cbBTC recording the highest usage statistics. cbBTC, a wrapped Bitcoin asset pegged to Coinbase BTC, was mentioned by ZachXBT in his attack on Garden Finance, propounding that the platform was party to the untraceable movements of illicit funds from DPRK hackers . Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot
