SwissBorg hacked for $41M SOL after third-party API compromise
SwissBorg, a Switzerland-based crypto wealth management platform, said hackers exploited a vulnerability in the API of its staking partner Kiln, draining about 193,000 Solana tokens from its Earn program. The SwissBorg app and other Earn products were not impacted by the hack, the company wrote in a post on X. The stolen SOL tokens were worth roughly $41 million at the time of writing. The breach originated with Kiln, a staking infrastructure provider that powers yield products on blockchains such as Solana and Ethereum.

An API attack targets the software “bridge” that connects two systems. In SwissBorg’s case, its app relied on Kiln’s API to communicate with Solana’s staking network. By compromising the API, hackers were able to manipulate requests and siphon off funds.

SwissBorg said that despite the hack, the company remains in good financial health, daily operations are unaffected and the affected users will be contacted directly by email.

A “bad day” but not a fatal blow

SwissBorg CEO Cyrus Fazel hosted an X Space on Monday shortly after the company’s statement that it had been hacked. According to Fazel, the breach only impacted users depositing Solana tokens in its Earn program, which accounts for about 1% of its customer base and 2% of total assets. “It’s a big amount of money, but it doesn’t put SwissBorg at risk,” the spokesperson said.

SwissBorg’s Solana Earn program lets users deposit SOL through its app to earn staking rewards, using the infrastructure provided by Kiln. The product was part of SwissBorg’s wider suite of Earn offerings on assets like BTC and ETH, designed to give retail users simple access to staking yields without managing validator nodes or DeFi protocols directly.

The company pledged to reimburse affected users, noting that “with the current treasury we have, we could already do that,” while stressing it is also working with international agencies, exchanges and white-hat hackers to assist with the investigation, and that some transactions have already been blocked.

Calling it “a bad day for SwissBorg,” Fazel said the incident would ultimately serve as a learning experience for the company.

Blockchain data shows the stolen funds were routed to a Solana wallet now labeled on Solscan as the “SwissBorg Exploiter,” advising users to exercise caution when interacting with it.

Cointelegraph reached out to SwissBorg and Kiln for comment, but did not receive an immediate response.