SwissBorg, a Swiss crypto wealth management platform, suffered a $41 million hack on Sept. 8 after attackers exploited a vulnerability in a partner’s API.
Summary
- SwissBorg lost $41M in SOL after a September 8 hack exploiting partner Kiln’s API.
- Only 1% of users were affected, with treasury funds covering losses.
- The incident highlights rising risks from API vulnerabilities in DeFi.
The company confirmed the breach in an X post on the same day, assuring users that core systems and other services remained unaffected.
API flaw linked to Kiln partner
The exploit stemmed from SwissBorg’s integration with staking provider Kiln. Hackers manipulated the API connection the Solana (SOL) Earn program used, siphoning off about 192,600 SOL tokens. The tokens, valued at between $41 million and $41.5 million, were moved to a new wallet that is now flagged as the ‘SwissBorg Exploiter’ on Solscan.
https://twitter.com/swissborg/status/1965123506477359471?s=46&t=nznXkss3debX8JIhNzHmzw
The stolen funds represent almost half of SwissBorg’s total Solana reserves of $72.6 million. Despite the size of the loss, the company stressed that only around 1% of users were directly affected, with no impact on other Earn products or the SwissBorg app.
SwissBorg’s recovery plan
SwissBorg outlined its immediate actions to protect users in its public statement. The company has allocated assets from its own Solana treasury to cover the majority of user losses, with final compensation amounts still being determined. Chief executive officer Cyrus Fazel described the incident as “a bad day, but not a fatal one,” highlighting the firm’s financial stability.
To track down the stolen assets, SwissBorg is working with blockchain investigators, white-hat hackers, and security partners like Fireblocks and the Solana Foundation. Exchanges have already blocked some of the transactions connected to the exploit. To prevent similar breaches, the platform also promised to improve third-party risk oversight and strengthen security protocols.
Broader security concerns in crypto
Discussions concerning third-party integration and API dependency vulnerabilities in the crypto industry have been triggered by the incident. It adds to a string of exploits in September, including a $2.4 million attack on Nemo Protocol, a decentralized finance project on Sui (SUI).
While SwissBorg’s transparency and commitment to reimbursing users have been praised, the hack underscores ongoing risks for staking programs and DeFi services. For updates and recovery plan announcements, the company has directed users to its official X account.
