Skip to main content
Security

SwissBorg Solana Earn Compromised by Kiln API Manipulation

A compromised third-party staking API enabled attackers to siphon $41 million in Solana, exposing critical supply chain risks.
September 16, 20253 min

A pristine white spherical core, featuring a prominent blue glowing ring, is centrally positioned within a complex, futuristic grey and blue modular structure. The surrounding framework consists of interlocking geometric blocks and luminous translucent blue components, suggesting intricate data pathways and energy flow
A striking blue crystalline structure, interspersed with clear, rectangular elements, emerges from a wavy, dark blue body of water under a light blue sky. White, foamy masses cling to the base and upper parts of the formation, suggesting dynamic interaction with the water

Briefing

The SwissBorg SOL Earn program experienced a significant security incident, resulting in the loss of approximately $41 million in Solana tokens. This breach originated from a vulnerability within the API of Kiln, a critical staking partner. Attackers exploited this API to manipulate transaction requests, redirecting 193,000 SOL from SwissBorg’s user funds to an exploiter-controlled wallet. This event highlights the systemic risks associated with third-party dependencies in decentralized finance operations.

A futuristic mechanical apparatus, composed of polished silver and deep blue elements, is depicted in motion, intricately intertwined with a vibrant, translucent blue liquid. The liquid appears to flow around and through the device's central components, suggesting an active and integral interaction

Context

Before this incident, the digital asset ecosystem recognized the inherent risks of integrating external services and APIs, particularly in yield-generating protocols. Centralized points of failure, such as compromised third-party infrastructure, remained a persistent attack surface. Protocols often focused on smart contract audits, sometimes overlooking the broader security posture of their integrated partners. This incident underscores the ongoing challenge of securing the entire supply chain of a DeFi product.

A close-up view reveals a high-tech device featuring a silver-grey metallic casing with prominent dark blue internal components and accents. A central, faceted blue translucent element glows brightly, suggesting active processing or energy flow within the intricate machinery

Analysis

The attack vector leveraged a compromised API belonging to Kiln, SwissBorg’s staking infrastructure provider. The attackers gained unauthorized control over Kiln’s API, which acted as the communication bridge between SwissBorg’s application and the Solana staking network. Through this access, they manipulated legitimate requests, diverting user funds from the SOL Earn program.

This attack circumvented direct smart contract vulnerabilities within SwissBorg, instead exploiting a critical external dependency. The chain of cause and effect began with the API compromise, leading to unauthorized transaction signing and subsequent fund exfiltration to a designated exploiter wallet on the Solana blockchain.

A close-up perspective showcases an array of blue and grey technological components arranged in a dense, interconnected grid. Visible data lines and modular blocks suggest a sophisticated electronic system designed for high-performance operations

Parameters

  • Exploited ProtocolSwissBorg SOL Earn Program
  • Attack Vector ∞ Third-party API Compromise (Kiln)
  • Financial Impact ∞ $41 Million (193,000 SOL)
  • Affected BlockchainSolana
  • Affected Assets ∞ Solana (SOL)
  • Attacker Wallet (Solscan Label) ∞ SwissBorg Exploiter
  • Reimbursement Plan ∞ SwissBorg will use treasury funds to reimburse affected users

A close-up view reveals two complex, futuristic mechanical components connecting, generating a bright blue energy discharge at their interface. The structures feature white and grey outer plating, exposing intricate dark internal mechanisms illuminated by subtle blue lights and the central energy burst

Outlook

Immediate mitigation requires a thorough audit of all third-party API integrations and enhanced access control mechanisms. Protocols must implement robust vendor risk management frameworks to assess and monitor the security posture of their partners. This incident will likely establish new best practices for external dependency security, emphasizing real-time API monitoring and kill-switch capabilities. The broader implication is a heightened awareness of supply chain attacks across the DeFi landscape, necessitating a shift towards more resilient, compartmentalized architectures.

The image displays a detailed view of a futuristic mechanical arm, composed of translucent and matte blue segments with polished silver accents. This intricate design, highlighting precision engineering, evokes the complex operational frameworks within the cryptocurrency ecosystem

Verdict

The SwissBorg incident decisively underscores the critical importance of securing external API integrations, highlighting that a protocol’s security perimeter extends beyond its own codebase to encompass its entire operational supply chain.

Signal Acquired from ∞ Cointelegraph

Micro Crypto News Feeds

security incident

Definition ∞ A security incident is an event that compromises the confidentiality, integrity, or availability of digital assets, systems, or data.

security posture

Definition ∞ A security posture describes the overall state of an organization's cybersecurity defenses and its readiness to counter threats.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

external dependency

Definition ∞ An external dependency denotes a reliance on an outside system, service, or component for a particular digital asset or protocol to function correctly.

swissborg

Definition ∞ SwissBorg is a digital asset wealth management platform that offers users a streamlined way to invest in and manage cryptocurrencies.

api compromise

Definition ∞ An API compromise occurs when an unauthorized party gains access to an Application Programming Interface.

solana

Definition ∞ Solana is a high-performance blockchain platform designed to support decentralized applications and cryptocurrencies with exceptional speed and low transaction costs.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

funds

Definition ∞ Funds, in the context of digital assets, refer to pools of capital pooled together for investment in cryptocurrencies, tokens, or other digital ventures.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

Tags:

Tags: