On September 9, 2025, SwissBorg, a Swiss crypto wealth management platform, disclosed that malicious actors had compromised the API of its staking partner Kiln. The breach siphoned approximately 193,000 Solana (SOL) tokens, valued at roughly $41 million, from the platform’s Solana Earn product. Kiln provides staking infrastructure for yield products across multiple blockchains, including Solana and Ethereum.
SwissBorg confirmed that the exploit targeted the software bridge connecting its application to Kiln’s validators. By manipulating API requests, attackers rerouted user deposits to an address now labeled “SwissBorg Exploiter” on the Solana blockchain explorer. The incident affected about 1 percent of SwissBorg’s user base and 2 percent of total assets under management in the Solana Earn program.
SwissBorg CEO Cyrus Fazel characterized the event as “a bad day” but emphasized that the company’s treasury reserves are sufficient to cover all affected deposits. First-party products and other staking offerings remained unaffected. The firm has initiated full reimbursement for impacted users and has engaged international law enforcement, exchange partners, and white-hat hackers to contain further losses and trace the stolen funds.
Blockchain data analysis shows multiple transfer attempts from the exploiter address to various mixers, suggesting efforts to obfuscate the trail. SwissBorg and Kiln are working with forensic specialists to monitor on-chain movements and recover assets. The company also announced plans to implement enhanced API security measures, including stricter access controls and real-time anomaly detection to prevent similar exploits.
The SwissBorg security team urged users to avoid staking through third-party services without contract-level audits and recommended hardware wallet usage for on-chain transactions. The incident underscores the risk of supply-chain API vulnerabilities in decentralized finance infrastructure.
Comments (0)