SwissBorg Solana Earn Program Compromised via Third-Party API Exploit → Security

A striking abstract visualization features a dense central structure of numerous blue translucent blocks, surrounded by white spherical nodes connected by thin white lines. This intricate network conceptually illustrates a sharded blockchain architecture, where individual blocks represent data packets or transaction units within a distributed ledger

The image displays a central, textured blue and white spherical object, encircled by multiple metallic rings. A smooth white sphere floats to its left, while two clear ice-like cubes rest on its upper surface

Briefing

In September 2025, SwissBorg, a Swiss wealth management platform, suffered a $42 million hack impacting its SOL Earn Program. The incident stemmed from a supply chain attack where a trusted third-party account, managed by Kiln for Solana staking, was compromised. This exploit allowed attackers to gain control over 192,600 SOL by manipulating a seemingly benign unstaking transaction, leading to a substantial financial loss for the platform. SwissBorg has committed to compensating affected users from its treasury.

Polished blue and metallic mechanical components integrate with a translucent, organic-like network structure, featuring a glowing blue conduit. This intricate visual symbolizes advanced blockchain architecture and the underlying distributed ledger technology DLT powering modern web3 infrastructure

Context

Prior to this incident, the broader DeFi ecosystem faced persistent risks from third-party integrations and supply chain vulnerabilities. Protocols often rely on external services for specialized functions like staking, which can introduce new attack surfaces if not rigorously secured. The prevailing challenge involved ensuring comprehensive security posture extends beyond a protocol’s core infrastructure to encompass all integrated components.

A sleek, metallic device with luminous blue internal elements is prominently displayed, showcasing its intricate design. The central focus is a square-shaped opening leading to a circular interface, suggesting a critical component or connection point

Analysis

The attack vector targeted the Kiln API, which managed SwissBorg’s Solana staking. The attacker executed a standard unstaking transaction that covertly embedded eight malicious authorization instructions. These instructions were designed to transfer control of SwissBorg’s staking accounts to attacker-controlled on-chain addresses.

Upon approval of this seemingly legitimate transaction, the attacker gained unauthorized access, subsequently draining approximately 192,600 SOL from the compromised staking accounts. This exploit leveraged a critical oversight in transaction validation, where the underlying malicious logic within a standard operation went undetected.

A close-up view reveals a high-tech device featuring a silver-grey metallic casing with prominent dark blue internal components and accents. A central, faceted blue translucent element glows brightly, suggesting active processing or energy flow within the intricate machinery

Parameters

Protocol Targeted → SwissBorg (SOL Earn Program)
Attack Vector → Supply Chain Attack (Kiln API Exploit)
Vulnerability → Malicious Logic Concealed in Staking Transaction
Financial Impact → Approximately $42 Million (192,600 SOL)
Affected Blockchain → Solana
Third-Party Involved → Kiln (Solana staking provider)

A sophisticated, silver-toned modular device, featuring a prominent circular interface with a blue accent and various rectangular inputs, is dynamically positioned amidst a flowing, translucent blue material. The device's sleek, futuristic design suggests advanced technological capabilities, with the blue element appearing to interact with its structure

Outlook

This incident underscores the critical need for enhanced third-party risk management and stringent transaction validation mechanisms across the DeFi landscape. Protocols must implement robust due diligence for all external integrations and adopt advanced transaction simulation tools to detect hidden malicious logic. The event will likely catalyze the adoption of more sophisticated security auditing standards, particularly for API interactions and multi-signature approvals, to mitigate contagion risk from similar supply chain vulnerabilities.

A modern, metallic, camera-like device is shown at an angle, nestled within a vibrant, translucent blue, irregularly shaped substance, with white foam covering parts of both. The background is a smooth, light gray, creating a minimalist setting for the central elements

Verdict

The SwissBorg exploit serves as a stark reminder that even robust platforms remain vulnerable to sophisticated supply chain attacks, necessitating a paradigm shift towards comprehensive third-party security audits and real-time transaction integrity checks.

Signal Acquired from → Halborn

Micro Crypto News Feeds

SwissBorg Solana Earn Program Compromised via Third-Party API Exploit

Briefing

Context

Analysis

Parameters

Outlook

Verdict

Micro Crypto News Feeds

supply chain attack

supply chain

solana staking

transaction validation

swissborg

attack vector

transaction

solana

third-party

third-party risk

security

Tags:

Tags:

Incrypthos

Stop Scrolling. Start Crypto.