Briefing

The SwissBorg SOL Earn program experienced a significant security incident, resulting in the loss of approximately $41 million in Solana tokens. This breach originated from a vulnerability within the API of Kiln, a critical staking partner. Attackers exploited this API to manipulate transaction requests, redirecting 193,000 SOL from SwissBorg’s user funds to an exploiter-controlled wallet. This event highlights the systemic risks associated with third-party dependencies in decentralized finance operations.

Context

Before this incident, the digital asset ecosystem recognized the inherent risks of integrating external services and APIs, particularly in yield-generating protocols. Centralized points of failure, such as compromised third-party infrastructure, remained a persistent attack surface. Protocols often focused on smart contract audits, sometimes overlooking the broader security posture of their integrated partners. This incident underscores the ongoing challenge of securing the entire supply chain of a DeFi product.

Analysis

The attack vector leveraged a compromised API belonging to Kiln, SwissBorg’s staking infrastructure provider. The attackers gained unauthorized control over Kiln’s API, which acted as the communication bridge between SwissBorg’s application and the Solana staking network. Through this access, they manipulated legitimate requests, diverting user funds from the SOL Earn program.

This attack circumvented direct smart contract vulnerabilities within SwissBorg, instead exploiting a critical external dependency. The chain of cause and effect began with the API compromise, leading to unauthorized transaction signing and subsequent fund exfiltration to a designated exploiter wallet on the Solana blockchain.

Parameters

  • Exploited Protocol ∞ SwissBorg SOL Earn Program
  • Attack Vector ∞ Third-party API Compromise (Kiln)
  • Financial Impact ∞ $41 Million (193,000 SOL)
  • Affected Blockchain ∞ Solana
  • Affected Assets ∞ Solana (SOL)
  • Attacker Wallet (Solscan Label) ∞ SwissBorg Exploiter
  • Reimbursement Plan ∞ SwissBorg will use treasury funds to reimburse affected users

Outlook

Immediate mitigation requires a thorough audit of all third-party API integrations and enhanced access control mechanisms. Protocols must implement robust vendor risk management frameworks to assess and monitor the security posture of their partners. This incident will likely establish new best practices for external dependency security, emphasizing real-time API monitoring and kill-switch capabilities. The broader implication is a heightened awareness of supply chain attacks across the DeFi landscape, necessitating a shift towards more resilient, compartmentalized architectures.
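
As an added illustration of the access controls, monitoring and kill switch described above (not code from SwissBorg, Kiln or the source article), the sketch below places a deny-by-default policy gate in front of a signer. The decoded instruction format, account names and limits are constructed assumptions; a real integration would first decode the provider-built transaction into this form.

```python
from dataclasses import dataclass, field

# Constructed placeholders (assumptions): not real Solana accounts or limits.
ALLOWED_DESTINATIONS = {"StakePoolAcct1111", "TreasuryAcct2222"}
ALLOWED_KINDS = {"stake_delegate", "transfer"}
WINDOW_SECONDS = 3600
WINDOW_CAP_SOL = 5_000  # assumed hourly outflow ceiling


@dataclass
class SigningGuard:
    """Deny-by-default gate that sits between a third-party API and the signer."""
    tripped: bool = False
    reasons: list = field(default_factory=list)
    outflows: list = field(default_factory=list)  # (timestamp, sol) of approved requests

    def _trip(self, reason):
        # Kill switch: once tripped, nothing is signed until an operator resets it.
        self.tripped = True
        self.reasons.append(reason)
        return False

    def review(self, instructions, now):
        """Return True only if every decoded instruction satisfies policy."""
        if self.tripped:
            return False
        requested = 0
        for ins in instructions:
            if ins["kind"] not in ALLOWED_KINDS:
                return self._trip(f"unexpected instruction {ins['kind']}")
            if ins["destination"] not in ALLOWED_DESTINATIONS:
                return self._trip(f"destination {ins['destination']} not allowlisted")
            requested += ins["sol"]
        # Rolling-window volume cap across all approved requests.
        self.outflows = [(t, a) for t, a in self.outflows if now - t < WINDOW_SECONDS]
        if sum(a for _, a in self.outflows) + requested > WINDOW_CAP_SOL:
            return self._trip("outflow cap exceeded")
        self.outflows.append((now, requested))
        return True


def demo():
    """Constructed requests: a normal one, a redirected one, then a normal one again."""
    guard = SigningGuard()
    stake = {"kind": "stake_delegate", "destination": "StakePoolAcct1111", "sol": 1200}
    redirected = {"kind": "transfer", "destination": "UnknownAcct9999", "sol": 300}
    results = [guard.review([stake], 0), guard.review([redirected], 60),
               guard.review([stake], 120)]
    return results, guard.reasons
```

The third request is refused even though it is well-formed, because the guard stays tripped after the redirected one until an operator investigates and resets it.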

Verdict

The SwissBorg incident decisively underscores the critical importance of securing external API integrations, highlighting that a protocol’s security perimeter extends beyond its own codebase to encompass its entire operational supply chain.

Signal Acquired from ∞ Cointelegraph

Glossary

security incident

Definition ∞ A security incident is an event that compromises the confidentiality, integrity, or availability of digital assets, systems, or data.

third-party

Definition ∞ A 'third-party' in the cryptocurrency ecosystem is an entity or individual that is not directly involved in a specific transaction or protocol interaction but plays a role in facilitating or verifying it.

blockchain

Definition ∞ A blockchain is a distributed, immutable ledger that records transactions across numerous interconnected computers.

solana

Definition ∞ Solana is a high-performance blockchain platform designed to support decentralized applications and cryptocurrencies with exceptional speed and low transaction costs.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

funds

Definition ∞ Funds, in the context of digital assets, refer to capital pooled together for investment in cryptocurrencies, tokens, or other digital ventures.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.