Security

SwissBorg Solana Earn Compromised by Kiln API Manipulation

A compromised third-party staking API enabled attackers to siphon $41 million in Solana, exposing critical supply chain risks.
September 16, 20253 min

A close-up reveals an intricate assembly of silver modular computing units and prominent blue mechanical components, interconnected by various rods and wires. The shallow depth of field highlights the central blue mechanism, emphasizing the precision engineering of this complex system
The image displays a series of interconnected, translucent blue spheres, some with a textured surface, forming a chain-like structure against a soft grey background. From a prominent central sphere, multiple metallic, rod-like probes extend outwards, suggesting intricate connectivity

Briefing

The SwissBorg SOL Earn program experienced a significant security incident, resulting in the loss of approximately $41 million in Solana tokens. This breach originated from a vulnerability within the API of Kiln, a critical staking partner. Attackers exploited this API to manipulate transaction requests, redirecting 193,000 SOL from SwissBorg’s user funds to an exploiter-controlled wallet. This event highlights the systemic risks associated with third-party dependencies in decentralized finance operations.

A spherical object dominates the frame, split into halves. The left half is white, textured, and fractured, featuring a smooth metallic button at its center the right half displays a highly structured, metallic, segmented exterior, revealing a glowing blue core of geometric blocks

Context

Before this incident, the digital asset ecosystem recognized the inherent risks of integrating external services and APIs, particularly in yield-generating protocols. Centralized points of failure, such as compromised third-party infrastructure, remained a persistent attack surface. Protocols often focused on smart contract audits, sometimes overlooking the broader security posture of their integrated partners. This incident underscores the ongoing challenge of securing the entire supply chain of a DeFi product.

A luminous blue cube is integrated with a detailed, multi-faceted white and blue technological construct, exposing a central circular component surrounded by fine blue wiring. This abstract representation embodies the convergence of cryptographic principles and blockchain architecture, highlighting the sophisticated mechanisms behind digital asset transfer and network consensus

Analysis

The attack vector leveraged a compromised API belonging to Kiln, SwissBorg’s staking infrastructure provider. The attackers gained unauthorized control over Kiln’s API, which acted as the communication bridge between SwissBorg’s application and the Solana staking network. Through this access, they manipulated legitimate requests, diverting user funds from the SOL Earn program.

This attack circumvented direct smart contract vulnerabilities within SwissBorg, instead exploiting a critical external dependency. The chain of cause and effect began with the API compromise, leading to unauthorized transaction signing and subsequent fund exfiltration to a designated exploiter wallet on the Solana blockchain.

A striking abstract composition features a luminous, translucent blue mass, appearing fluid and organic, intricately contained within a complex web of silver-grey metallic wires. The background is a soft, neutral grey, highlighting the central object's vibrant blue and metallic sheen

Parameters

  • Exploited ProtocolSwissBorg SOL Earn Program
  • Attack Vector → Third-party API Compromise (Kiln)
  • Financial Impact → $41 Million (193,000 SOL)
  • Affected BlockchainSolana
  • Affected Assets → Solana (SOL)
  • Attacker Wallet (Solscan Label) → SwissBorg Exploiter
  • Reimbursement Plan → SwissBorg will use treasury funds to reimburse affected users

The image displays an abstract composition of frosted, textured grey-white layers partially obscuring a vibrant, deep blue interior. Parallel lines and a distinct organic opening within the layers create a sense of depth and reveal the luminous blue

Outlook

Immediate mitigation requires a thorough audit of all third-party API integrations and enhanced access control mechanisms. Protocols must implement robust vendor risk management frameworks to assess and monitor the security posture of their partners. This incident will likely establish new best practices for external dependency security, emphasizing real-time API monitoring and kill-switch capabilities. The broader implication is a heightened awareness of supply chain attacks across the DeFi landscape, necessitating a shift towards more resilient, compartmentalized architectures.

The image displays a complex, cross-shaped structure of four transparent, blue-tinted hexagonal rods intersecting at its center. This central assembly is set against a blurred background of a larger, intricate blue and silver mechanical apparatus, suggesting a deep operational core

Verdict

The SwissBorg incident decisively underscores the critical importance of securing external API integrations, highlighting that a protocol’s security perimeter extends beyond its own codebase to encompass its entire operational supply chain.

Signal Acquired from → Cointelegraph

Micro Crypto News Feeds

security incident

Definition ∞ A security incident is an event that compromises the confidentiality, integrity, or availability of digital assets, systems, or data.

security posture

Definition ∞ A security posture describes the overall state of an organization's cybersecurity defenses and its readiness to counter threats.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

external dependency

Definition ∞ An external dependency denotes a reliance on an outside system, service, or component for a particular digital asset or protocol to function correctly.

swissborg

Definition ∞ SwissBorg is a digital asset wealth management platform that offers users a streamlined way to invest in and manage cryptocurrencies.

api compromise

Definition ∞ An API compromise occurs when an unauthorized party gains access to an Application Programming Interface.

solana

Definition ∞ Solana is a high-performance blockchain platform designed to support decentralized applications and cryptocurrencies with exceptional speed and low transaction costs.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

funds

Definition ∞ Funds, in the context of digital assets, refer to pools of capital pooled together for investment in cryptocurrencies, tokens, or other digital ventures.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

Tags:

Tags: