Security

SwissBorg Solana Earn Program Compromised via Third-Party API

An exploited staking partner API allowed attackers to siphon $41 million in SOL, highlighting critical supply chain risks in DeFi integrations.
September 16, 20252 min

A detailed close-up showcases a high-tech, modular hardware device, predominantly in silver-grey and vibrant blue. The right side prominently features a multi-ringed lens or sensor array, while the left reveals intricate mechanical components and a translucent blue element
A detailed close-up reveals a complex array of blue metallic circuitry and interconnected components, featuring numerous data conduits and intricate processing units. The shallow depth of field highlights the foreground's dense technological architecture against a blurred white background

Briefing

SwissBorg’s Solana Earn program suffered a significant security incident on September 8, 2025, resulting in the theft of approximately 193,000 SOL tokens, valued at $41 million. The breach originated from a compromised API belonging to Kiln, a staking infrastructure partner, enabling unauthorized fund withdrawals from user deposits. This incident underscores the inherent risks associated with integrating third-party services into decentralized finance ecosystems. SwissBorg has committed to fully reimbursing all affected users from its treasury.

Two highly detailed, metallic cylindrical mechanisms, each with finely grooved exteriors and glowing blue inner workings, are dynamically encased within a flowing, translucent, ethereal medium. This abstract composition suggests a powerful interplay of precision engineering and fluid dynamics, rendered with a cool, technological aesthetic

Context

Prior to this event, the digital asset landscape consistently presented a broad attack surface, particularly within DeFi protocols leveraging external services. Integrations with third-party APIs introduce expanded vectors for compromise, often overlooked in smart contract-centric security models. Centralized points of failure within decentralized systems, such as administrative keys or compromised API endpoints, frequently expose protocols to substantial financial risk.

This close-up view reveals a high-tech modular device, showcasing a combination of brushed metallic surfaces and translucent blue elements that expose intricate internal mechanisms. A blue cable connects to a port on the upper left, while a prominent cylindrical component with a glowing blue core dominates the center, suggesting advanced functionality

Analysis

The incident leveraged a critical vulnerability within Kiln’s API, the software bridge connecting SwissBorg’s application to the Solana staking network. Attackers manipulated requests through this compromised API, gaining unauthorized access to and control over funds within the Solana Earn program. This attack circumvented direct smart contract vulnerabilities, exploiting an operational security flaw in the data exchange layer. The illicitly obtained funds were subsequently routed to a Solana wallet identified as the “SwissBorg Exploiter.”

A sharp, clear crystal prism contains a detailed blue microchip, evoking a sense of technological containment and precision. The surrounding environment is a blur of crystalline facets and deep blue light, suggesting a complex, interconnected digital ecosystem

Parameters

  • Exploited Protocol → SwissBorg Solana Earn program
  • Vulnerability → Third-party API compromise (Kiln)
  • Financial Impact → $41 Million (193,000 SOL)
  • Blockchain Affected → Solana
  • Attack Date → September 8, 2025
  • Attacker Wallet → Solscan-labeled “SwissBorg Exploiter”
  • Mitigation Response → User reimbursement, active investigation, Kiln exiting Ethereum validators

A sophisticated, futuristic mechanical assembly is centrally featured, composed of metallic silver and dark grey components, including intricate gears and a prominent circular aperture. Transparent blue structural elements partially enclose this advanced mechanism, which is enveloped by a dynamic, granular, foamy substance

Outlook

Immediate mitigation requires users to remain vigilant regarding third-party service permissions and to monitor official announcements for security updates. This incident will likely drive a re-evaluation of API security protocols and supply chain risk management across the DeFi sector. Protocols integrating external services must implement more robust validation mechanisms and multi-layered security controls to prevent similar API-based exploits. The industry must establish new best practices for assessing and managing third-party dependencies.

This detailed render showcases a sophisticated, spherical computing module with interlocking metallic and white composite panels. A vibrant, bubbling blue liquid sphere is integrated at the top, while a granular white-rimmed aperture reveals a glowing blue core at the front

Verdict

This API compromise on a critical staking partner fundamentally redefines the scope of supply chain risk within decentralized finance, demanding immediate and comprehensive re-architecture of external service integrations.

Signal Acquired from → Cointelegraph

Micro Crypto News Feeds

decentralized finance

Definition ∞ Decentralized finance, often abbreviated as DeFi, is a system of financial services built on blockchain technology that operates without central intermediaries.

decentralized

Definition ∞ Decentralized describes a system or organization that is not controlled by a single central authority.

swissborg

Definition ∞ SwissBorg is a digital asset wealth management platform that offers users a streamlined way to invest in and manage cryptocurrencies.

solana

Definition ∞ Solana is a high-performance blockchain platform designed to support decentralized applications and cryptocurrencies with exceptional speed and low transaction costs.

api compromise

Definition ∞ An API compromise occurs when an unauthorized party gains access to an Application Programming Interface.

kiln

Definition ∞ 'Kiln' in the cryptocurrency domain can refer to a specialized hardware device or a specific type of smart contract used for minting or creating new digital assets, particularly NFTs.

supply chain risk

Definition ∞ Supply chain risk refers to the potential for disruptions or vulnerabilities within the network of organizations, people, activities, information, and resources involved in moving a product or service from supplier to customer.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

Tags:

Tags: