Briefing

On September 8, 2025, the SwissBorg SOL Earn program experienced a significant security breach, resulting in the theft of approximately 193,000 Solana (SOL) tokens. The incident, valued at around $41 million, originated from a compromised third-party API belonging to staking partner Kiln. This external vulnerability allowed attackers to manipulate staking requests and drain funds without directly compromising SwissBorg’s core application, highlighting the critical risks associated with supply chain dependencies in decentralized finance.

Context

Before this incident, the broader crypto ecosystem faced persistent risks from third-party integrations and supply chain attacks. Protocols frequently rely on external services for staking, oracles, and other functionalities, expanding their attack surface. The prevailing threat landscape included vulnerabilities in API security, where insufficient auditing or access controls could enable unauthorized manipulation of sensitive functions.

Analysis

The incident leveraged a vulnerability in the API infrastructure of Kiln, SwissBorg’s staking partner. Attackers exploited this weakness to manipulate requests, enabling the unauthorized siphoning of SOL tokens from the SOL Earn program. This attack vector allowed the perpetrators to transfer withdrawal authority for stake accounts, then unstake and drain 193,000 SOL into a wallet labeled “SwissBorg Exploiter” on Solscan. The success of the exploit underscores the critical need for robust security protocols and continuous auditing of all third-party integrations.

Parameters

  • Targeted Protocol ∞ SwissBorg SOL Earn Program
  • Attack Vector ∞ Compromised Third-Party API (Kiln)
  • Financial Impact ∞ Approximately $41 Million (193,000 SOL)
  • Affected Blockchain ∞ Solana
  • Date of Incident ∞ September 8, 2025
  • On-Chain Investigator ∞ ZachXBT
  • Attacker Wallet Label ∞ “SwissBorg Exploiter” on Solscan

Outlook

Immediate mitigation steps for users involved in similar staking programs include verifying the security posture of all third-party providers and regularly reviewing delegated permissions. This incident will likely establish new best practices for rigorous due diligence on external partners and enhanced API security auditing within the DeFi sector. The contagion risk extends to any protocol relying on similar third-party staking infrastructure, necessitating a re-evaluation of their security models.
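
Reviewing delegated permissions can also be enforced before a partner-built transaction is signed. The sketch below is an added example, not code from SwissBorg, Kiln or the source article: it scans decoded instructions for Solana Stake program authority changes and reports any whose new authority is not allowlisted. The instruction dict shape, the function names and the sample keys are assumptions made for illustration; the tags follow the Stake program's `StakeInstruction` encoding.

```python
import struct

STAKE_PROGRAM_ID = "Stake11111111111111111111111111111111111111"
# StakeInstruction tags (u32 little-endian) that reassign an authority.
INLINE_KEY = {1: "Authorize", 8: "AuthorizeWithSeed"}            # new key in data
ACCOUNT_KEY = {10: "AuthorizeChecked", 11: "AuthorizeCheckedWithSeed"}  # new key is account 3
ROLE = {0: "staker", 1: "withdrawer"}  # StakeAuthorize enum


def authority_changes(instructions):
    """Yield (name, role, new_authority) for each stake authority change."""
    for ix in instructions:
        data = ix["data"]
        if ix["program_id"] != STAKE_PROGRAM_ID or len(data) < 4:
            continue
        (tag,) = struct.unpack_from("<I", data, 0)
        if tag in INLINE_KEY and len(data) >= 40:
            (role,) = struct.unpack_from("<I", data, 36)
            yield INLINE_KEY[tag], ROLE.get(role, "unknown"), data[4:36]
        elif tag in ACCOUNT_KEY and len(data) >= 8 and len(ix["accounts"]) > 3:
            (role,) = struct.unpack_from("<I", data, 4)
            yield ACCOUNT_KEY[tag], ROLE.get(role, "unknown"), ix["accounts"][3]
        elif tag in INLINE_KEY or tag in ACCOUNT_KEY:
            yield "malformed", "unknown", b""  # truncated input: fail closed


def review(instructions, allowed_authorities):
    """Return reasons to refuse signing; an empty list means no findings."""
    return [
        f"{name}: {role} authority -> {new_auth.hex() or 'undecodable'}"
        for name, role, new_auth in authority_changes(instructions)
        if new_auth not in allowed_authorities
    ]


# Constructed sample keys and instructions (not real addresses).
OURS, STAKE_ACCT, OTHER = bytes([1]) * 32, bytes([2]) * 32, bytes([9]) * 32
DEACTIVATE = {"program_id": STAKE_PROGRAM_ID, "accounts": [STAKE_ACCT],
              "data": struct.pack("<I", 5)}
REASSIGN = {"program_id": STAKE_PROGRAM_ID, "accounts": [STAKE_ACCT],
            "data": struct.pack("<I", 1) + OTHER + struct.pack("<I", 1)}

if __name__ == "__main__":
    print(review([DEACTIVATE], {OURS}))            # plain unstake: no findings
    print(review([DEACTIVATE, REASSIGN], {OURS}))  # withdrawer handed to OTHER
```

Run the check on the exact bytes that will be signed, not on the request sent to the partner API, since the response is the untrusted input.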

Verdict

This $41 million exploit underscores the critical systemic risk posed by third-party API vulnerabilities, demanding immediate industry-wide reassessment of external integration security.

Signal Acquired from ∞ crowdfundinsider.com