Solana News Today: Even Trusted Partners Can't Shield Crypto Firms from API Breach Woes
Aime SummarySwissBorg, a Switzerland-based cryptocurrency platform, disclosed a significant security breach in its SolanaSOL-- (SOL) Earn program, resulting in a loss of approximately $41 million. The incident, which occurred through the compromise of a third-party staking partner’s API, highlights the growing risks associated with reliance on external services in the crypto space. The attack drained about 193,000 SOL from the platform, impacting roughly 1% of its users, according to reports from multiple sources [1][3]. While the company emphasized that its main application and other Earn programs remain unaffected, the breach has raised concerns over the vulnerabilities of partner ecosystems in the DeFi and crypto industries.
The company’s CEO, Cyrus Fazel, addressed the incident during a live broadcast on Sept. 8, clarifying that the breach originated from an external provider rather than from SwissBorg’s internal systems. Fazel described the compromised party as “one of the best partners in the world,” indicating that even trusted collaborations are not immune to sophisticated cyberattacks. The stolen funds represent approximately 2% of the platform’s total assets under management (AUM) [3]. In response, SwissBorg has allocated treasury funds to cover user losses, with Fazel stating that the company has sufficient resources to ensure full reimbursement. The company has also enlisted white-hat hackers and security partners to assist in recovering the compromised funds through blockchain analysis and collaboration with exchanges [3].
The incident underscores the broader issue of API security in the crypto industry. APIs are critical components in the integration of services but often present vulnerabilities if not properly secured. The OWASP API Security Top 10 list identifies common API threats, such as broken authentication and authorization, which were likely exploited in this case [6]. According to Fazel, multiple exchanges have blocked transactions linked to the attack, preventing some stolen funds from being liquidated. Entities such as Fireblocks, Solana Foundation, and blockchain investigators have assisted in tracking the stolen assets across multiple wallet addresses [3].
SwissBorg has pledged to reimburse affected users and has taken steps to strengthen its security infrastructure to prevent similar incidents in the future. The platform has also committed to working with law enforcement agencies worldwide and implementing additional security measures. Fazel acknowledged the emotional toll the incident has had on users and described it as a learning experience. He emphasized the importance of transparency in the recovery process and promised regular updates on the status of fund retrieval efforts [3].
The broader crypto community has reacted to the breach, with Ledger CTO Charles Guillemet advising users who are not utilizing hardware wallets to temporarily cease executing onchain transactions. This recommendation reflects the heightened awareness of supply chain attacks in the industry, where hackers exploit trusted software distribution channels rather than targeting individual users [1]. Such attacks pose significant risks to platforms that rely on interconnected services, as vulnerabilities in one component can compromise the integrity of the entire system.
This incident adds to the growing list of high-profile hacks in the crypto space and reinforces the need for robust security protocols, both internally and among third-party partners. As the industry continues to evolve, the reliance on APIs and external integration points will likely increase, making it essential for platforms to adopt proactive security measures and continuous monitoring. The SwissBorg breach serves as a reminder that even well-established companies are not immune to sophisticated cyber threats, and the responsibility of securing user funds must be shared across the entire ecosystem [6].
Source:
[1] The Block - SwissBorg crypto platform robbed of over $40 million in Solana (https://www.theblock.co/post/369924/swissborg-crypto-platform-robbed-of-over-40-million-in-solana?utm_medium=rss&utm_source=companies.xml)
[2] SwissBorg - Crypto yields tailored to your risk profile | SwissBorg Earn (https://swissborg.com/earn-crypto)
[3] CryptoSlate - SwissBorg loses $41M in SOL after partner API compromise affects Earn program (https://cryptoslate.com/swissborg-loses-41m-in-sol-after-partner-api-compromise-affects-earn-program/)
[4] Yahoo Finance - $1.65 Billion: Solana Gets Its First 10-Figure Treasury Fund (https://finance.yahoo.com/news/1-65-billion-solana-gets-105421890.html)
[5] Yahoo Finance - XRPXRP-- and SOL Signal Bull Run While Traders Hedge for ... (https://finance.yahoo.com/news/xrp-sol-signal-bullish-strength-062449930.html)
[6] Pynt - What is API Security? Key Threats, Tools & Best Practices (https://www.pynt.io/learning-hub/api-security-guide/api-security)
[7] GBHackers - Critical Argo CD API Flaw Exposes Repository Credentials ... (https://gbhackers.com/critical-argo-cd-api-flaw/)
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PRO
Comments
No comments yet