Solana News Today: "SwissBorg’s $41.5M Hack Exposes Crypto’s Weakest Link: Supply Chains"

Swiss crypto platform SwissBorg has suffered a significant security breach, losing approximately $41.5 million worth of SolanaSOL-- (SOL) tokens after hackers exploited a vulnerability in its partner API provider, Kiln. The incident, reported by on-chain investigator ZachXBT, involved the theft of roughly 192,600 SOL tokens from SwissBorg’s SOL Earn program. While the company stated that less than 1% of its users were affected, the incident marks the latest in a string of high-profile security failures within the broader crypto ecosystem. SwissBorg has pledged to use its SOL treasury to cover most of the user losses and has engaged white-hat hackers to assist in the recovery of stolen funds [3].

The breach occurred amid a broader surge in security incidents across the crypto industry. On the same day, Sui-based DeFi platform Nemo Protocol was exploited for $2.4 million in USDCUSDC--, with the attack targeting its yield-trading mechanism. The breach prompted a sharp decline in Nemo’s total value locked (TVL), which plummeted from $6.3 million to $1.57 million as users withdrew funds. PeckShieldAlert identified the exploit and noted that the stolen USDC was moved from Arbitrum to EthereumETH-- [1]. Nemo has since suspended all smart contract activity to investigate the root cause of the breach [2].

In another incident, the Solana-based project Aqua executed a $4.65 million rug pull, involving 21,770 SOL tokens. The funds were transferred through multiple intermediary addresses before reaching instant exchanges. The team behind Aqua disabled Twitter replies following the exit scam, raising concerns about the transparency of the project [3]. These attacks, along with the SwissBorg and Nemo breaches, contribute to a total of $2.37 billion in DeFi-related losses across 121 security incidents in the first half of 2025, according to industry data. DeFi protocols account for 76% of breach cases, though centralized exchanges have recorded higher single-loss amounts [3].

The frequency of such breaches is increasing despite growing awareness and improvements in security practices. According to Hacken’s mid-year report, access control vulnerabilities, including misconfigured wallets and compromised legacy keys, account for 59% of industry losses. CertiK has warned that risks arise from multiple sources, including coding errors, blockchain network vulnerabilities, and limitations in programming languages. The SuiSUI-- blockchain, in particular, has faced heightened scrutiny following the recent Nemo breach and a May 2025 exploit of the Cetus Protocol that resulted in $223 million in losses [3].

Beyond DeFi platforms, a large-scale supply chain attack has also raised alarms across the crypto industry. Hackers compromised the npm account of developer Josh Goldberg, publishing malicious versions of 18 popular JavaScript packages. These packages, which receive over 2 billion weekly downloads, are now potentially exposing millions of users to risks. The malware, known as a crypto-clipper, replaces recipient addresses in crypto transactions with attacker-controlled wallets. Security experts have advised users to verify all hardware wallet transactions and avoid web-based on-chain activity until patches are deployed [3]. The incident underscores the interconnected vulnerabilities across both the crypto and broader software development ecosystems, further emphasizing the need for robust security measures and continuous monitoring.

Source:

[1] Sui-Based Yield Protocol Nemo Exploited for $2.4M in USDC (https://www.coindesk.com/markets/2025/09/08/sui-based-yield-protocol-nemo-exploited-for-usd2-4m-in-usdc)

[2] Sui-based Nemo Protocol exploited for $2.4 million (https://www.theblock.co/post/369766/sui-nemo-protocol-exploit)

[3] Swiss Crypto Platform SwissBorg Hit by $41.5M SOL Hack After Partner API Compromise (https://cryptorank.io/news/feed/92c8f-swiss-crypto-platform-swissborg-hit-by-41-5m-sol-hack-after-partner-api-compromise)