Briefing

The SwissBorg SOL Earn program experienced a significant security incident, resulting in the loss of approximately $41 million in Solana tokens. This breach originated from a vulnerability within the API of Kiln, a critical staking partner. Attackers exploited this API to manipulate transaction requests, redirecting 193,000 SOL from SwissBorg’s user funds to an exploiter-controlled wallet. This event highlights the systemic risks associated with third-party dependencies in decentralized finance operations.

Context

Before this incident, the digital asset ecosystem recognized the inherent risks of integrating external services and APIs, particularly in yield-generating protocols. Centralized points of failure, such as compromised third-party infrastructure, remained a persistent attack surface. Protocols often focused on smart contract audits, sometimes overlooking the broader security posture of their integrated partners. This incident underscores the ongoing challenge of securing the entire supply chain of a DeFi product.

Analysis

The attack vector leveraged a compromised API belonging to Kiln, SwissBorg’s staking infrastructure provider. The attackers gained unauthorized control over Kiln’s API, which acted as the communication bridge between SwissBorg’s application and the Solana staking network. Through this access, they manipulated legitimate requests, diverting user funds from the SOL Earn program.

This attack circumvented direct smart contract vulnerabilities within SwissBorg, instead exploiting a critical external dependency. The chain of cause and effect began with the API compromise, leading to unauthorized transaction signing and subsequent fund exfiltration to a designated exploiter wallet on the Solana blockchain.

Parameters

  • Exploited Protocol → SwissBorg SOL Earn Program
  • Attack Vector → Third-party API Compromise (Kiln)
  • Financial Impact → $41 Million (193,000 SOL)
  • Affected Blockchain → Solana
  • Affected Assets → Solana (SOL)
  • Attacker Wallet (Solscan Label) → SwissBorg Exploiter
  • Reimbursement Plan → SwissBorg will use treasury funds to reimburse affected users

Outlook

Immediate mitigation requires a thorough audit of all third-party API integrations and enhanced access control mechanisms. Protocols must implement robust vendor risk management frameworks to assess and monitor the security posture of their partners. This incident will likely establish new best practices for external dependency security, emphasizing real-time API monitoring and kill-switch capabilities. The broader implication is a heightened awareness of supply chain attacks across the DeFi landscape, necessitating a shift towards more resilient, compartmentalized architectures.
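
One way to apply the monitoring and kill-switch idea on the client side, as an added example (not code from SwissBorg, Kiln or the source article): every transaction built by a third-party API passes a policy gate before it reaches the signer, and the first violation halts all signing. The decoded transaction form, the addresses, the program names and the cap are constructed assumptions.

```python
from dataclasses import dataclass, field
# Constructed placeholders, not real Solana addresses or program ids.
ALLOWED_PROGRAMS = {"stake", "system"}
KNOWN_ADDRESSES = {"OWN_VAULT", "OWN_AUTHORITY", "PARTNER_VALIDATOR"}

@dataclass
class SigningGate:
    """Policy check run on every API-built transaction before it is signed."""
    outflow_cap: int                 # max units leaving per window (hypothetical)
    window_s: int = 3600
    tripped: bool = False            # kill switch; only an operator resets it
    reasons: list = field(default_factory=list)
    history: list = field(default_factory=list)   # (timestamp, amount)

    def violations(self, tx, now):
        found = []
        for ix in tx["instructions"]:
            if ix["program"] not in ALLOWED_PROGRAMS:
                found.append(f"unexpected program {ix['program']}")
            # Fields that move funds or hand over control must name a known address.
            for key in ("destination", "new_authority"):
                if key in ix and ix[key] not in KNOWN_ADDRESSES:
                    found.append(f"{ix['type']}: unknown {key} {ix[key]}")
        amount = sum(ix.get("amount", 0) for ix in tx["instructions"])
        recent = sum(a for t, a in self.history if now - t < self.window_s)
        if recent + amount > self.outflow_cap:
            found.append(f"outflow {recent + amount} exceeds cap {self.outflow_cap}")
        return found, amount

    def approve(self, tx, now):  # True only if the transaction may be signed
        if self.tripped:
            return False
        found, amount = self.violations(tx, now)
        if found:
            self.tripped, self.reasons = True, found
            return False
        self.history.append((now, amount))
        return True

# Constructed sample transactions in a hypothetical decoded form.
UNSTAKE = {"instructions": [{"program": "stake", "type": "withdraw",
                             "destination": "OWN_VAULT", "amount": 500}]}
REDIRECTED = {"instructions": [{"program": "stake", "type": "withdraw",
                                "destination": "UNKNOWN_WALLET", "amount": 500}]}

def demo():
    gate = SigningGate(outflow_cap=1000)
    return [gate.approve(UNSTAKE, 0), gate.approve(REDIRECTED, 10),
            gate.approve(UNSTAKE, 20), gate.reasons]
```

Once tripped, the gate refuses even well-formed requests, so a compromised upstream cannot keep submitting variations until one passes.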

Verdict

The SwissBorg incident decisively underscores the critical importance of securing external API integrations, highlighting that a protocol’s security perimeter extends beyond its own codebase to encompass its entire operational supply chain.

Signal Acquired from → Cointelegraph

security incident

Definition ∞ A security incident is an event that compromises the confidentiality, integrity, or availability of digital assets, systems, or data.

security posture

Definition ∞ A security posture describes the overall state of an organization's cybersecurity defenses and its readiness to counter threats.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

external dependency

Definition ∞ An external dependency denotes a reliance on an outside system, service, or component for a particular digital asset or protocol to function correctly.

swissborg

Definition ∞ SwissBorg is a digital asset wealth management platform that offers users a streamlined way to invest in and manage cryptocurrencies.

api compromise

Definition ∞ An API compromise occurs when an unauthorized party gains access to an Application Programming Interface.

solana

Definition ∞ Solana is a high-performance blockchain platform designed to support decentralized applications and cryptocurrencies with exceptional speed and low transaction costs.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

funds

Definition ∞ Funds, in the context of digital assets, refer to pools of capital assembled for investment in cryptocurrencies, tokens, or other digital ventures.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.