SwissBorg Solana Earn Program Compromised via Third-Party API Exploit → Security

Polished blue and metallic mechanical components integrate with a translucent, organic-like network structure, featuring a glowing blue conduit. This intricate visual symbolizes advanced blockchain architecture and the underlying distributed ledger technology DLT powering modern web3 infrastructure

The image displays a sleek, translucent device with a central brushed metallic button, surrounded by a vibrant blue luminescence. The device's surface exhibits subtle reflections, highlighting its polished, futuristic design, set against a dark background

Briefing

In September 2025, SwissBorg, a Swiss wealth management platform, suffered a $42 million hack impacting its SOL Earn Program. The incident stemmed from a supply chain attack where a trusted third-party account, managed by Kiln for Solana staking, was compromised. This exploit allowed attackers to gain control over 192,600 SOL by manipulating a seemingly benign unstaking transaction, leading to a substantial financial loss for the platform. SwissBorg has committed to compensating affected users from its treasury.

A pristine white, textured material, resembling raw data or unverified transaction inputs, is shown interacting with a translucent, deep blue, structured element. This blue component, embodying a decentralized ledger or a sophisticated smart contract protocol, displays intricate, web-like patterns that signify cryptographic hashing and distributed node connectivity

Context

Prior to this incident, the broader DeFi ecosystem faced persistent risks from third-party integrations and supply chain vulnerabilities. Protocols often rely on external services for specialized functions like staking, which can introduce new attack surfaces if not rigorously secured. The prevailing challenge involved ensuring comprehensive security posture extends beyond a protocol’s core infrastructure to encompass all integrated components.

A sleek, silver-framed device features a large, faceted blue crystal on one side and an exposed mechanical watch movement on the other, resting on a light grey surface. The crystal sits above a stack of coins, while the watch mechanism is integrated into a dark, recessed panel

Analysis

The attack vector targeted the Kiln API, which managed SwissBorg’s Solana staking. The attacker executed a standard unstaking transaction that covertly embedded eight malicious authorization instructions. These instructions were designed to transfer control of SwissBorg’s staking accounts to attacker-controlled on-chain addresses.

Upon approval of this seemingly legitimate transaction, the attacker gained unauthorized access, subsequently draining approximately 192,600 SOL from the compromised staking accounts. This exploit leveraged a critical oversight in transaction validation, where the underlying malicious logic within a standard operation went undetected.

A close-up view reveals a modern device featuring a translucent blue casing and a prominent brushed metallic surface. The blue component, with its smooth, rounded contours, rests on a lighter, possibly silver-toned base, suggesting a sophisticated piece of technology

Parameters

Protocol Targeted → SwissBorg (SOL Earn Program)
Attack Vector → Supply Chain Attack (Kiln API Exploit)
Vulnerability → Malicious Logic Concealed in Staking Transaction
Financial Impact → Approximately $42 Million (192,600 SOL)
Affected Blockchain → Solana
Third-Party Involved → Kiln (Solana staking provider)

A close-up reveals a sophisticated, metallic device featuring a translucent blue screen displaying intricate digital patterns and alphanumeric characters. A prominent silver frame with a central button accents the front, suggesting an interactive interface for user input and transaction confirmation

Outlook

This incident underscores the critical need for enhanced third-party risk management and stringent transaction validation mechanisms across the DeFi landscape. Protocols must implement robust due diligence for all external integrations and adopt advanced transaction simulation tools to detect hidden malicious logic. The event will likely catalyze the adoption of more sophisticated security auditing standards, particularly for API interactions and multi-signature approvals, to mitigate contagion risk from similar supply chain vulnerabilities.

A translucent blue device with a smooth, rounded form factor is depicted against a light grey background. Two clear, rounded protrusions, possibly interactive buttons, and a dark rectangular insert are visible on its surface

Verdict

The SwissBorg exploit serves as a stark reminder that even robust platforms remain vulnerable to sophisticated supply chain attacks, necessitating a paradigm shift towards comprehensive third-party security audits and real-time transaction integrity checks.

Signal Acquired from → Halborn

Micro Crypto News Feeds

SwissBorg Solana Earn Program Compromised via Third-Party API Exploit

Briefing

Context

Analysis

Parameters

Outlook

Verdict

Micro Crypto News Feeds

supply chain attack

supply chain

solana staking

transaction validation

swissborg

attack vector

transaction

solana

third-party

third-party risk

security

Tags:

Tags:

Incrypthos

Stop Scrolling. Start Crypto.