Briefing

The SwissBorg SOL Earn staking program suffered a major security breach resulting in the unauthorized transfer of $41.5 million in user assets. The core incident was a supply chain compromise of the Kiln API, a critical third-party staking partner. That off-chain access let the threat actor silently change the authorities on the program's on-chain Solana stake accounts, so the platform's multi-signature withdrawal controls never came into play. The loss underscores the systemic risk posed by centralized dependencies inside products marketed as decentralized.

Context

The prevailing risk factor in institutional DeFi remains the security perimeter of external dependencies, particularly third-party APIs that manage on-chain permissions or data feeds. This incident belongs to a known class of weakness in which off-chain administrative access holds unilateral power over delegated on-chain assets. Prior to this event, the industry had yet to fully apply zero-trust principles to the staking and key management functions it delegates to external service providers.

Analysis

The attack vector was a classic supply chain compromise targeting a staking partner's infrastructure. The attacker gained unauthorized access to the Kiln API, which held the permissions needed to control the program's Solana stake accounts. A Solana stake account carries two authorities, a staker and a withdrawer, and either can be reassigned with the stake program's Authorize instruction, which is signed by the current holder of that authority rather than by whoever approves withdrawals. By driving that instruction through the compromised API, the actor reassigned the stake authority to an address it controlled without triggering the protocol's multi-signature withdrawal confirmations. Monitoring tuned to withdrawal events therefore had a blind spot: the decisive step was an authority change, and by the time funds moved, the signer was the attacker's own key. The result was the draining of $41.5 million in user funds.
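The blind spot described above can be shown with a small monitor that decodes Stake-program instructions instead of watching only for withdrawals. This is an added example, not code from SwissBorg, Kiln or the page's source: the wire layout (a little-endian u32 variant tag followed by bincode-encoded fields) is the Stake program's real StakeInstruction encoding, but the transactions, account keys (hex-encoded placeholders rather than base58 addresses) and amounts are constructed for illustration.

```python
"""Decode Solana Stake-program instructions and flag authority changes.

Added example. The instruction layout follows the Stake program's
StakeInstruction enum (bincode: u32 LE variant tag, then fields); the sample
transactions, keys and lamport amounts are constructed, not real chain data.
"""
import struct
from dataclasses import dataclass

STAKE_PROGRAM_ID = "Stake11111111111111111111111111111111111111"
CLOCK_SYSVAR = "SysvarC1ock11111111111111111111111111111111"

# StakeInstruction variant indices used here.
AUTHORIZE, WITHDRAW, DEACTIVATE = 1, 4, 5
AUTHORIZE_WITH_SEED, AUTHORIZE_CHECKED = 8, 10
STAKE_AUTHORIZE_NAMES = {0: "Staker", 1: "Withdrawer"}   # StakeAuthorize enum tags
PUBKEY_LEN = 32


@dataclass
class Instruction:
    program_id: str
    accounts: list    # account keys in instruction order; accounts[0] is the stake account
    data: bytes


@dataclass
class Transaction:
    signature: str
    instructions: list


def decode_stake_instruction(ix: Instruction) -> dict:
    """Return a structured view of one Stake-program instruction."""
    if ix.program_id != STAKE_PROGRAM_ID or len(ix.data) < 4:
        return {"kind": "not_stake"}
    (tag,) = struct.unpack_from("<I", ix.data, 0)
    if tag == WITHDRAW:
        (lamports,) = struct.unpack_from("<Q", ix.data, 4)
        return {"kind": "Withdraw", "stake_account": ix.accounts[0], "lamports": lamports}
    if tag in (AUTHORIZE, AUTHORIZE_WITH_SEED):
        # Authorize(Pubkey, StakeAuthorize). AuthorizeWithSeed's args begin with the
        # same two fields before the seed string, so the offsets are shared.
        new_auth = ix.data[4:4 + PUBKEY_LEN].hex()
        (which,) = struct.unpack_from("<I", ix.data, 4 + PUBKEY_LEN)
        return {"kind": "Authorize", "stake_account": ix.accounts[0],
                "authority_type": STAKE_AUTHORIZE_NAMES.get(which, "?"), "new_authority": new_auth}
    if tag == AUTHORIZE_CHECKED:
        # AuthorizeChecked(StakeAuthorize): the new authority is account index 3 and must sign.
        (which,) = struct.unpack_from("<I", ix.data, 4)
        return {"kind": "Authorize", "stake_account": ix.accounts[0],
                "authority_type": STAKE_AUTHORIZE_NAMES.get(which, "?"), "new_authority": ix.accounts[3]}
    return {"kind": f"stake_tag_{tag}", "stake_account": ix.accounts[0]}


def withdraw_only_alerts(tx: Transaction) -> list:
    """The blind spot: a monitor that only reacts to Withdraw instructions."""
    return [f"{tx.signature}: withdraw of {d['lamports']} lamports from {d['stake_account'][:8]}..."
            for d in map(decode_stake_instruction, tx.instructions) if d["kind"] == "Withdraw"]


def authority_aware_alerts(tx: Transaction, approved_authorities: set) -> list:
    """Also flag any authority rotation to a key outside the approved set."""
    alerts = withdraw_only_alerts(tx)
    for d in map(decode_stake_instruction, tx.instructions):
        if d["kind"] == "Authorize" and d["new_authority"] not in approved_authorities:
            alerts.append(f"{tx.signature}: {d['authority_type']} authority of "
                          f"{d['stake_account'][:8]}... rotated to unapproved key {d['new_authority'][:8]}...")
    return alerts


# Constructed placeholder keys (hex-encoded 32-byte values, not real addresses).
STAKE_ACCT = "aa" * 32
TREASURY_MULTISIG = "bb" * 32
ATTACKER = "cc" * 32
PARTNER_API_KEY = "dd" * 32


def encode_authorize(new_authority_hex: str, which: int) -> bytes:
    return struct.pack("<I", AUTHORIZE) + bytes.fromhex(new_authority_hex) + struct.pack("<I", which)


def encode_withdraw(lamports: int) -> bytes:
    return struct.pack("<I", WITHDRAW) + struct.pack("<Q", lamports)


SAMPLE_TXS = [
    # Legitimate: withdraw authority handed to the treasury multisig (approved key).
    Transaction("sig0", [Instruction(STAKE_PROGRAM_ID, [STAKE_ACCT, CLOCK_SYSVAR, PARTNER_API_KEY],
                                     encode_authorize(TREASURY_MULTISIG, 1))]),
    # Step 1 of the attack: the compromised partner key rotates the withdrawer to the attacker.
    Transaction("sigA", [Instruction(STAKE_PROGRAM_ID, [STAKE_ACCT, CLOCK_SYSVAR, PARTNER_API_KEY],
                                     encode_authorize(ATTACKER, 1))]),
    # Step 2: deactivate, then (after the cooldown) withdraw, now signed by the attacker.
    Transaction("sigB", [Instruction(STAKE_PROGRAM_ID, [STAKE_ACCT, CLOCK_SYSVAR, ATTACKER],
                                     struct.pack("<I", DEACTIVATE))]),
    Transaction("sigC", [Instruction(STAKE_PROGRAM_ID, [STAKE_ACCT, ATTACKER, CLOCK_SYSVAR, "hist", ATTACKER],
                                     encode_withdraw(1_000 * 10**9))]),
]


def run_monitors(txs: list, approved: set) -> dict:
    return {"withdraw_only": [a for tx in txs for a in withdraw_only_alerts(tx)],
            "authority_aware": [a for tx in txs for a in authority_aware_alerts(tx, approved)]}


if __name__ == "__main__":
    for name, alerts in run_monitors(SAMPLE_TXS, {TREASURY_MULTISIG}).items():
        print(name, alerts)
```

The withdraw-only monitor fires once, at sigC, when the funds are already leaving under the attacker's signature; the authority-aware monitor fires at sigA, the moment the withdrawer changed to a key outside the approved set, which is the point at which the incident could still have been contained.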

Parameters

  • Total Loss Value → $41.5 million (The total amount of user assets transferred without authorization from the SOL Earn program)
  • Compromised Component → Kiln API (The external staking partner's interface used to gain administrative control)
  • Affected Blockchain → Solana (The network on which the stake account authority was reassigned)
  • Attack Technique → Supply Chain Compromise (The method of exploiting a third-party vendor's system)

Outlook

Protocols must adopt a zero-trust model for all third-party dependencies, mandating that no external service can unilaterally execute a critical on-chain function such as a stake authority transfer. The immediate mitigation for similar protocols is to audit every API-driven administrative role, confirm which key is the withdraw authority on each stake account, and enforce on-chain multi-signature approval for any change in key ownership or delegation. This incident will likely establish new auditing standards that cover the entire operational supply chain, shifting focus from pure smart contract logic to external key management and API access controls.
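The authority split the Outlook calls for can be checked against the Stake program's own signing rule. The following is an added example, not code from the page or from any of the parties named: it models the on-chain rule that a Staker change needs the current staker's or withdrawer's signature while a Withdrawer change needs the current withdrawer's signature (lockup custodians are left out), and it collapses a multisig such as a Squads vault to "the vault address signs only when a threshold of members approve", which on Solana is really a program-derived address signing through a CPI. All key and member names are constructed placeholders.

```python
"""Model the Stake program's Authorize signing rule and check an authority split.

Added example. Weak configuration: the partner's API hot key is both staker and
withdrawer. Hardened configuration: the partner key holds only Staker and the
treasury multisig holds Withdrawer. Names are placeholders, not real addresses.
"""
import copy
from dataclasses import dataclass


@dataclass
class Authorized:
    staker: str
    withdrawer: str

    def authorize(self, signers: set, new_authority: str, which: str) -> None:
        """Apply Authorize(new_authority, which) if `signers` satisfies the rule, else raise.

        Mirrors the on-chain check: Staker may be changed by staker or withdrawer,
        Withdrawer only by the withdrawer (lockup/custodian handling omitted).
        """
        if which == "Staker":
            if not ({self.staker, self.withdrawer} & signers):
                raise PermissionError("Staker change needs staker or withdrawer signature")
            self.staker = new_authority
        elif which == "Withdrawer":
            if self.withdrawer not in signers:
                raise PermissionError("Withdrawer change needs withdrawer signature")
            self.withdrawer = new_authority
        else:
            raise ValueError(f"unknown authority type {which!r}")


@dataclass(frozen=True)
class Multisig:
    address: str
    members: frozenset
    threshold: int

    def signs(self, member_signatures: set) -> set:
        """The vault 'signs' only when at least `threshold` members approved."""
        return {self.address} if len(self.members & member_signatures) >= self.threshold else set()


def partner_can_take_withdrawer(account: Authorized, partner_keys: set, attacker: str) -> bool:
    """Can someone holding only the partner's keys make `attacker` the withdrawer?"""
    acct = copy.deepcopy(account)
    try:
        acct.authorize(set(partner_keys), attacker, "Withdrawer")
    except PermissionError:
        return False
    return acct.withdrawer == attacker


def least_privilege_violations(accounts: dict, partner_keys: set, treasury: Multisig) -> list:
    """Policy: partner keys may hold Staker only; Withdrawer must be the treasury multisig."""
    problems = []
    for name, acct in accounts.items():
        if acct.withdrawer in partner_keys:
            problems.append(f"{name}: withdrawer is a partner-controlled key")
        if acct.withdrawer != treasury.address:
            problems.append(f"{name}: withdrawer {acct.withdrawer!r} is not the treasury multisig")
    return problems


# Constructed placeholders.
PARTNER_API_KEY = "partner-api-hot-key"
ATTACKER = "attacker-key"
TREASURY = Multisig("treasury-multisig", frozenset({"ops-1", "ops-2", "ops-3"}), threshold=2)

WEAK = {"stake-1": Authorized(staker=PARTNER_API_KEY, withdrawer=PARTNER_API_KEY)}
HARDENED = {"stake-1": Authorized(staker=PARTNER_API_KEY, withdrawer=TREASURY.address)}


def scenario() -> dict:
    r = {}
    r["weak_drainable"] = partner_can_take_withdrawer(WEAK["stake-1"], {PARTNER_API_KEY}, ATTACKER)
    r["hardened_drainable"] = partner_can_take_withdrawer(HARDENED["stake-1"], {PARTNER_API_KEY}, ATTACKER)
    # Under the hardened split a staker rotation still works, but only with 2-of-3 approval.
    acct = copy.deepcopy(HARDENED["stake-1"])
    acct.authorize(TREASURY.signs({"ops-1", "ops-3"}), "new-partner-key", "Staker")
    r["hardened_multisig_rotation"] = acct.staker == "new-partner-key"
    acct = copy.deepcopy(HARDENED["stake-1"])
    try:
        acct.authorize(TREASURY.signs({"ops-1"}), "rogue-key", "Withdrawer")
        r["single_member_rotation"] = True
    except PermissionError:
        r["single_member_rotation"] = False
    r["weak_violations"] = least_privilege_violations(WEAK, {PARTNER_API_KEY}, TREASURY)
    r["hardened_violations"] = least_privilege_violations(HARDENED, {PARTNER_API_KEY}, TREASURY)
    return r


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The caveat the model makes visible: even under the hardened split, a compromised partner key that holds Staker can still deactivate or re-delegate the stake, so the split limits the blast radius to disruption rather than removing it; what it prevents is the silent withdrawer rotation that turned the SOL Earn compromise into a loss of funds.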

This high-value compromise decisively confirms that third-party supply chain risk, not isolated smart contract logic, is the most critical institutional attack vector in the current digital asset landscape.

supply chain risk, external dependency, API compromise, off-chain attack, Solana stake authority, key management failure, delegated control, institutional security, staking protocol, third-party risk, custodial vulnerability, multi-signature bypass, silent transfer, asset withdrawal

Signal Acquired from → monoaudit.com

Micro Crypto News Feeds

supply chain compromise

Definition ∞ A supply chain compromise describes a cybersecurity attack where an adversary infiltrates an organization by targeting less secure elements within its broader network of vendors, partners, or software providers.

key management

Definition ∞ Key management refers to the systematic process of generating, storing, distributing, using, safeguarding, and revoking cryptographic keys.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

staking

Definition ∞ Staking is a process within certain blockchain networks, particularly those utilizing Proof-of-Stake consensus mechanisms, where participants lock up their digital assets to support network operations and validate transactions.

account

Definition ∞ An account is a record of transactions and balances within a digital ledger system.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

smart contract logic

Definition ∞ Smart contract logic refers to the predefined, self-executing code embedded within a smart contract that dictates its behavior and conditions for execution.