SwissBorg Confirms Hack, Blames Third-party Provider

SwissBorg has just suffered one of the most striking hacks of the year. In a few hours, 193,000 SOL, or 41 million dollars, were siphoned off via a flaw in the Kiln validator API, a provider responsible for staking on Solana. It was not SwissBorg’s infrastructure that failed, but that of a third-party partner. The incident reignites the debate on the security of external integrations in a sector where the slightest failure can be enough to bring down the entire chain.

A critical flaw in staking infrastructure

After the 40 million dollar hack at GMX, it’s SwissBorg’s turn. Indeed, the exchange confirmed it was the victim of a large-scale hack following the exploitation of a flaw in the Kiln API, its partner for staking services on Solana.

The incident led to the diversion of 193,000 SOL, or approximately 41 million dollars at the time.

Here are the important facts at this stage :

• The origin of the flaw : the hack occurred at the Kiln API level, an interface used to connect the SwissBorg application to the Solana staking network. This type of attack, called an “API attack”, allows a hacker to manipulate requests passing through this software gateway.

• The amount stolen : 193,000 SOL were siphoned off, representing about 2% of assets under management at SwissBorg, but only within the Solana Earn product.

• Affected users : only 1% of SwissBorg customers were affected, according to official statements. The rest of the Earn products (BTC, ETH, etc.) as well as the main application were not affected.

• The impacted product : Solana Earn, a turnkey service designed to offer yields in SOL via staking, without the user needing to manage a validator or a DeFi protocol themselves.

• On-chain tracking : the address associated with the hacker was identified on Solscan, where it is now labeled as “SwissBorg Exploiter”, which allows tracing and limits interactions with it.

In a message published on X, SwissBorg stated that only the Solana Earn product was compromised and that the other products remain fully functional.

https://twitter.com/swissborg/status/1965123506477359471

The company emphasized that the flaw was with Kiln and not its own infrastructure, revealing the risks related to technical delegation in simplified staking solutions.

An immediate reaction and prospects

Facing the severity of the situation, SwissBorg CEO Cyrus Fazel spoke out on the social network X, highlighting the responsiveness of his team and stating that “it is a bad day for SwissBorg, but it does not call into question the viability of the company”.

He assured users that the current treasury would allow reimbursing all affected clients and that they would be contacted directly by email.

The company has also engaged collaborations with international agencies, exchanges, and white-hat hackers to track funds and try to recover part of them. Some suspicious transactions have reportedly already been identified and blocked, although the details of these actions have not been disclosed.

SwissBorg insists on its willingness to shed full light on the incident and considers this hack as an important lesson in managing technical partnerships. Beyond the specific case, this incident reveals a structural issue with staking “as-a-service”: the dependency on intermediaries whose security flaws can have a domino effect on hundreds of thousands of end users.

Although Kiln is a recognized actor in the sector, this attack highlights that even trusted partners can represent significant risk vectors.

This case, like the Ledger Discord hack, could accelerate a rethinking of the centralized staking model relying on external APIs. Regulators might see this as a signal to strengthen transparency requirements around technical providers. As for users, they could demand more clarity on the nature of the infrastructures used to grow their assets, particularly in terms of control, responsibility, and auditing.