Security

SwissBorg Solana Earn Compromised by Kiln API Manipulation

A compromised third-party staking API enabled attackers to siphon $41 million in Solana, exposing critical supply chain risks.
September 16, 20253 min

The image displays a series of interconnected, translucent blue spheres, some with a textured surface, forming a chain-like structure against a soft grey background. From a prominent central sphere, multiple metallic, rod-like probes extend outwards, suggesting intricate connectivity
The image displays a central, textured blue and white spherical object, encircled by multiple metallic rings. A smooth white sphere floats to its left, while two clear ice-like cubes rest on its upper surface

Briefing

The SwissBorg SOL Earn program experienced a significant security incident, resulting in the loss of approximately $41 million in Solana tokens. This breach originated from a vulnerability within the API of Kiln, a critical staking partner. Attackers exploited this API to manipulate transaction requests, redirecting 193,000 SOL from SwissBorg’s user funds to an exploiter-controlled wallet. This event highlights the systemic risks associated with third-party dependencies in decentralized finance operations.

Two futuristic, white cylindrical components are depicted in close proximity, appearing to connect or exchange data. The right component's intricate core emits numerous fine, glowing strands surrounded by small, luminous particles, suggesting active data transmission between the modules

Context

Before this incident, the digital asset ecosystem recognized the inherent risks of integrating external services and APIs, particularly in yield-generating protocols. Centralized points of failure, such as compromised third-party infrastructure, remained a persistent attack surface. Protocols often focused on smart contract audits, sometimes overlooking the broader security posture of their integrated partners. This incident underscores the ongoing challenge of securing the entire supply chain of a DeFi product.

A highly detailed render showcases a central metallic cylindrical object, intricately designed with internal spokes. This core component is partially enveloped by a dynamic blue liquid-like substance and a textured white granular material, resembling frost or accumulated particles

Analysis

The attack vector leveraged a compromised API belonging to Kiln, SwissBorg’s staking infrastructure provider. The attackers gained unauthorized control over Kiln’s API, which acted as the communication bridge between SwissBorg’s application and the Solana staking network. Through this access, they manipulated legitimate requests, diverting user funds from the SOL Earn program.

This attack circumvented direct smart contract vulnerabilities within SwissBorg, instead exploiting a critical external dependency. The chain of cause and effect began with the API compromise, leading to unauthorized transaction signing and subsequent fund exfiltration to a designated exploiter wallet on the Solana blockchain.

A close-up reveals an intricate mechanical system featuring two modular units, with the foreground unit exposing precision gears, metallic plates, and a central white geometric component within a brushed metal casing. Multi-colored wires connect the modules, which are integrated into a blue structural frame alongside additional mechanical components and a ribbed metallic adjustment knob

Parameters

  • Exploited ProtocolSwissBorg SOL Earn Program
  • Attack Vector → Third-party API Compromise (Kiln)
  • Financial Impact → $41 Million (193,000 SOL)
  • Affected BlockchainSolana
  • Affected Assets → Solana (SOL)
  • Attacker Wallet (Solscan Label) → SwissBorg Exploiter
  • Reimbursement Plan → SwissBorg will use treasury funds to reimburse affected users

A close-up perspective highlights a translucent, deep blue, organic-shaped material encasing metallic, cylindrical components. The prominent foreground component is a precision-machined silver cylinder with fine grooves and a central pin-like extension

Outlook

Immediate mitigation requires a thorough audit of all third-party API integrations and enhanced access control mechanisms. Protocols must implement robust vendor risk management frameworks to assess and monitor the security posture of their partners. This incident will likely establish new best practices for external dependency security, emphasizing real-time API monitoring and kill-switch capabilities. The broader implication is a heightened awareness of supply chain attacks across the DeFi landscape, necessitating a shift towards more resilient, compartmentalized architectures.

Polished blue and metallic mechanical components integrate with a translucent, organic-like network structure, featuring a glowing blue conduit. This intricate visual symbolizes advanced blockchain architecture and the underlying distributed ledger technology DLT powering modern web3 infrastructure

Verdict

The SwissBorg incident decisively underscores the critical importance of securing external API integrations, highlighting that a protocol’s security perimeter extends beyond its own codebase to encompass its entire operational supply chain.

Signal Acquired from → Cointelegraph

Micro Crypto News Feeds

security incident

Definition ∞ A security incident is an event that compromises the confidentiality, integrity, or availability of digital assets, systems, or data.

security posture

Definition ∞ A security posture describes the overall state of an organization's cybersecurity defenses and its readiness to counter threats.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

external dependency

Definition ∞ An external dependency denotes a reliance on an outside system, service, or component for a particular digital asset or protocol to function correctly.

swissborg

Definition ∞ SwissBorg is a digital asset wealth management platform that offers users a streamlined way to invest in and manage cryptocurrencies.

api compromise

Definition ∞ An API compromise occurs when an unauthorized party gains access to an Application Programming Interface.

solana

Definition ∞ Solana is a high-performance blockchain platform designed to support decentralized applications and cryptocurrencies with exceptional speed and low transaction costs.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

funds

Definition ∞ Funds, in the context of digital assets, refer to pools of capital pooled together for investment in cryptocurrencies, tokens, or other digital ventures.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

Tags:

Tags: