Briefing

SwissBorg’s SOL Earn program experienced a significant security incident on September 8, 2025, due to a compromised API belonging to its staking partner, Kiln. This external vulnerability enabled threat actors to siphon approximately 193,000 SOL, valued at $41 million, from user funds. The attack highlights critical risks associated with third-party integrations in decentralized finance. SwissBorg has committed to fully reimburse affected users from its treasury, mitigating direct user losses.

Context

The prevailing security posture in the DeFi ecosystem consistently faces risks from external dependencies and API vulnerabilities. Centralized points of failure, even within a decentralized framework, represent attractive attack surfaces. Protocols leveraging third-party staking or yield-generating services must maintain rigorous oversight of integrated partners’ security architectures. This incident underscores the inherent dangers when a protocol’s operational security relies on the robustness of external application programming interfaces.

Analysis

The incident’s technical mechanics involved the compromise of the API operated by Kiln, a staking infrastructure provider. SwissBorg’s application utilized this API to facilitate communication with Solana’s staking network. Attackers successfully manipulated requests transmitted through this software bridge, enabling unauthorized fund transfers.

This chain of cause and effect demonstrates an attacker’s ability to leverage a trusted connection to bypass internal controls, ultimately draining assets from the associated external wallet within the SOL Earn program. The vulnerability resided in the API’s integrity, allowing malicious instructions to execute as legitimate operations.
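
One control against this class of failure is to treat every transaction built by a partner API as untrusted until it matches the operation the platform actually requested. The sketch below is an added example, not SwissBorg's or Kiln's code and not a reconstruction of the incident; the decoded-instruction format, intent names and addresses are assumptions constructed for illustration.

```python
# Added example: fail-closed review of a transaction built by a third-party
# staking API, run before the platform signs it. The decoded-instruction
# dicts, intent names and addresses are constructed for illustration.

# Exact instruction sequence each requested operation is allowed to produce.
EXPECTED_SHAPE = {
    "stake": [("system", "create_account"), ("stake", "initialize"),
              ("stake", "delegate")],
    "unstake": [("stake", "deactivate")],
    "withdraw": [("stake", "withdraw")],
}

# Instructions that set who controls or receives funds, and the fields to pin.
PINNED_FIELDS = {
    ("stake", "initialize"): ("staker", "withdrawer"),
    ("stake", "withdraw"): ("destination",),
}


def review_transaction(intent, instructions, own_addresses):
    """Return policy violations; an empty list means the transaction may be signed."""
    violations = []
    kinds = [(ix.get("program"), ix.get("type")) for ix in instructions]
    expected = EXPECTED_SHAPE.get(intent)
    if expected is None:
        return [f"unknown intent {intent!r}"]
    if kinds != expected:
        violations.append(f"{intent}: expected {expected}, API returned {kinds}")
    for i, (kind, ix) in enumerate(zip(kinds, instructions)):
        for field in PINNED_FIELDS.get(kind, ()):
            if ix.get(field) not in own_addresses:
                violations.append(f"ix {i}: {field}={ix.get(field)!r} is not ours")
    return violations


OURS = {"PlatformVault111", "PlatformAuthority111"}  # constructed addresses

clean = [{"program": "stake", "type": "deactivate", "stake_account": "StakeAcct1"}]
tampered = clean + [{"program": "stake", "type": "authorize",
                     "new_authority": "UnknownKey999"}]
redirected = [{"program": "stake", "type": "withdraw",
               "destination": "UnknownKey999", "lamports": 5_000_000_000}]

if __name__ == "__main__":
    for name, intent, tx in [("clean", "unstake", clean),
                             ("tampered", "unstake", tampered),
                             ("redirected", "withdraw", redirected)]:
        print(name, review_transaction(intent, tx, OURS) or "OK to sign")
```

Because the check compares the full instruction sequence against the requested intent, any extra instruction is rejected even if it is individually valid, and fund-controlling fields must point at addresses the platform owns.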

Parameters

  • Exploited Protocol ∞ SwissBorg SOL Earn Program
  • Vulnerability ∞ Third-party API Compromise (Kiln)
  • Financial Impact ∞ $41 Million (193,000 SOL)
  • Blockchain Affected ∞ Solana
  • Date of Incident ∞ September 8, 2025
  • Affected Component ∞ External DeFi wallet linked to staking partner
  • On-chain Forensics ∞ Draining of 193,000 SOL via manipulated API requests
  • Initial Reporter ∞ ZachXBT

Outlook

Immediate mitigation for users involved in similar programs requires verifying the security posture of all integrated third-party services. This incident will likely establish new best practices for auditing and continuous monitoring of external APIs, particularly for staking and yield protocols. Contagion risk exists for other platforms relying on similar third-party infrastructure without adequate security vetting. Proactive security measures must include enhanced API security protocols and comprehensive due diligence on all external partners to prevent similar exploits.

The SwissBorg API compromise serves as a critical reminder that the security of integrated third-party services directly impacts the integrity of primary DeFi platforms, necessitating robust external vendor risk management.

Signal Acquired from ∞ Cointelegraph