Garden hacker begins laundering $11M loot through Tornado Cash

The hacker behind last Friday’s $11 million hack on bitcoin bridge Garden has begun laundering stolen funds.

A total of over $6 million worth of ether and BNB has been deposited into Tornado Cash from the hacker’s Ethereum and BNB Chain addresses.

At the time of writing, the hacker’s EVM addresses still hold just under half a million dollars, and $1.8 million of SOL remains in their Solana account.

#CertiKInsight 🚨

The @gardenfi exploiter transferred 501 BNB and 1910 ETH, totaling ~$6.65M to @TornadoCash.

0x98BCc6c34A489CEfdD9DfA8d792CFEFb02Ea2D12 still holds ~$910k.

As a reminder, Garden Finance was exploited for ~$10.8M on 31 October due to a compromise on a solver. pic.twitter.com/iL1jFrpLNg

— CertiK Alert (@CertiKAlert) November 7, 2025

Read more: DeFi karma: Garden hacked for $11M after bridging Lazarus’ loot

The initial hack was met with little sympathy from the crypto security community. Indeed, the team received sustained criticism over its perceived unwillingness to curtail Garden’s use by hackers, including North Korea’s Lazarus Group.

At the time of the hack, Garden stressed that the bridge itself wasn’t vulnerable. The losses were instead confined to an external solver who appeared to have suffered a private key compromise.

Blockchain investigators, however, remained unconvinced of the solver’s independence.

Read more: Richard Heart allegedly funnels $500M in ETH through Tornado Cash

Privacy tools or on-chain laundromats?

The transfers, flagged by blockchain security firm Certik, show funds flowing to the crypto mixing tool Tornado Cash in order to obscure their onward trajectory.

Mixers have long been controversial. They are seen by advocates as critical to maintain financial privacy on an otherwise transparent ledger.

Conversely, authorities have gone after developers for their use in obscuring illicit funds and money laundering.

Users deposit fixed numbers of tokens to avoid matching deposit and withdrawal amounts between addresses. However, users must exercise caution over when they choose to use a mixer as similar total amounts within similar periods can be matched to “deanonymize” usage.

Read more: ZachXBT cracks Railgun privacy to expose Bittensor hacker

Blockchain addresses linked to Tornado Cash were sanctioned by the US Treasury in 2022; restrictions were lifted earlier this year.

Despite this, and it being a non-custodial mixer, co-founder Roman Storm was found guilty of conspiracy to operate an unlicensed money-transmitting business in August of this year.

Keonne Rodriguez, co-developer of Bitcoin-based equivalent Samourai Wallet was yesterday sentenced to five years for the same charge.

Similar platforms include Railgun and Privacy Pools, though both have features to prove legitimacy of withdrawals.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.