"SwissBorg Loses $41M to API Flaw, Exposing DeFi’s Third-Party Risks"
Aime SummarySwissBorg, a Switzerland-based cryptocurrency wealth management platform, reported a significant security breach that resulted in the loss of approximately $41 million in SolanaSOL-- (SOL) tokens. The incident, which occurred on Monday, was traced back to a vulnerability in the application programming interface (API) of its staking partner, Kiln. The breach specifically targeted the company’s SOL Earn Program, a product that allows users to deposit Solana tokens and earn staking rewards via Kiln’s infrastructure. The compromised API enabled hackers to manipulate transaction requests and siphon off the funds without directly breaching SwissBorg’s app or other Earn programs.
According to data from Solscan, the stolen funds were transferred to a Solana wallet labeled as the “SwissBorg Exploiter,” which has since been flagged for caution by the platform. The company emphasized that no customer data was accessed or compromised in the incident and that the breach did not impact its broader operations or other products. SwissBorg’s CEO, Cyrus Fazel, acknowledged the severity of the incident during a virtual session, but stated that the affected user base was limited—approximately 1% of customers and 2% of total assets—reassuring stakeholders that the breach does not pose a systemic risk to the company.
In response, SwissBorg announced plans to use its Solana treasury to reimburse affected users, with the company asserting that it has the financial capacity to cover the losses. It is also collaborating with white-hat hackers and security partners to investigate the breach and recover the compromised funds. The company said it is working with international agencies and exchanges to block further transactions from the stolen funds and prevent their use in illicit activities.
The incident occurred amid a broader wave of cybersecurity concerns in the cryptocurrency sector. On the same day, a supply chain attack was reported involving a compromised NPM software developer, prompting warnings from cybersecurity experts like Ledger CTO Charles Guillemet. Such attacks typically exploit vulnerabilities in trusted third-party software components rather than targeting individual users directly. The timing of the breach has heightened awareness among investors and platform operators about the risks associated with reliance on external APIs and staking infrastructure.
The attack also underscores the increasing frequency and sophistication of cyber threats within the crypto industry, particularly in DeFi and staking ecosystems. According to the company’s disclosures, the SOL Earn Program is part of a broader suite of products offering staking yields for assets like BitcoinBTC-- and EthereumETH--. By outsourcing the staking infrastructure to third-party providers, platforms like SwissBorg can streamline operations for users but also face elevated risks if those partners experience security failures. Analysts have highlighted the need for stronger oversight of third-party integrations and enhanced transparency in the event of breaches.
SwissBorg’s statement noted that users affected by the breach will be contacted directly by email with further details and next steps. While the company did not specify a timeline for full reimbursement, it emphasized its commitment to restoring user balances. The incident will likely prompt increased scrutiny of the security protocols and risk management practices employed by crypto platforms that rely on third-party infrastructure to deliver yield-generating products to their customers.
Source: [1] SwissBorg crypto platform robbed of over $40 million in Solana (https://www.theblock.co/post/369924/swissborg-crypto-platform-robbed-of-over-40-million-in-solana) [2] SwissBorg hacked for $41M SOL after third-party API compromise (https://cointelegraph.com/news/swissborg-hacked-41m-sol-api-compromise)
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
Comments
No comments yet