The SwissBorg hack was an API compromise of staking provider Kiln that drained ~193,000 SOL (~$41M) from SwissBorg’s Solana Earn program, affecting about 1% of users and 2% of assets; SwissBorg says it will reimburse impacted customers and is investigating.
-
193,000 SOL stolen from SwissBorg’s Solana Earn via a Kiln API compromise
-
Impact limited to Solana Earn deposits: ~1% of customers, ~2% of platform assets
-
SwissBorg pledges reimbursements, working with investigators and white‑hat researchers
SwissBorg hack: 193,000 SOL stolen after Kiln API compromise — learn impact, response, and steps to protect funds. Read more and act now.
What happened in the SwissBorg hack?
The SwissBorg hack occurred when attackers exploited a vulnerability in Kiln’s API — the staking infrastructure provider used by SwissBorg — to withdraw roughly 193,000 SOL from the platform’s Solana Earn product. SwissBorg reports the breach affected about 1% of users and roughly 2% of its assets; the company says it will reimburse affected customers.
SwissBorg, a Switzerland‑based crypto wealth management platform, confirmed the exploit in a public update and on X. The stolen SOL was valued at approximately $41 million at the time of reporting. The company says its app and other Earn products were not impacted.
Source: Swissborg
How did an API attack enable the theft?
An API attack targets the software bridge connecting two systems. In this incident, SwissBorg’s Solana Earn relied on Kiln’s API to interact with Solana staking infrastructure. By compromising Kiln’s API, attackers could manipulate staking requests and redirect withdrawals.
Blockchain analytics show the funds moved to a Solana wallet now labeled on Solscan as the “SwissBorg Exploiter.” SwissBorg says some malicious transactions have been blocked and that it is cooperating with international agencies, exchanges, and white‑hat researchers to trace and recover funds.
Frequently Asked Questions
Which users and assets were affected?
SwissBorg’s CEO and spokespeople clarified the impact was narrow in scope: about 1% of customers who deposited SOL into the Solana Earn product, representing roughly 2% of SwissBorg’s total assets under management. The company characterizes the event as significant in value but not existential for the business.
Key technical and operational details
- Attack vector: Compromise of Kiln’s API used for staking requests on Solana.
- Route of funds: Stolen SOL routed to an address flagged on Solscan as “SwissBorg Exploiter.”
- Response: SwissBorg blocked some transactions, notified impacted users by email, and engaged law enforcement and security partners.
| Metric | Value |
|---|---|
| Stolen amount | 193,000 SOL (~$41M) |
| Users affected | ~1% of SwissBorg customers |
| Platform assets impacted | ~2% of total assets |
What is SwissBorg doing now?
SwissBorg says daily operations continue normally and that the firm will contact affected customers directly by email. The company highlighted it has the treasury capacity to reimburse losses and is collaborating with international agencies, exchanges, and white‑hat hackers to investigate and mitigate further risk.
Source: Solscan
How can users protect funds after a staking API breach?
Users should act quickly to secure accounts and monitor on‑chain activity. Begin with basic containment steps and escalate to platform support if needed.
- Check account activity and recent transactions in the SwissBorg app and on Solscan.
- Disable or pause new deposits to the affected Earn product until the provider confirms safety.
- Change passwords, enable two‑factor authentication, and review withdrawal settings.
- Contact SwissBorg support directly as instructed in official communications and follow updates from the company.
- Monitor the labeled address on Solscan and report suspicious activity to investigators.
Key Takeaways
- Attack summary: Kiln API compromise allowed theft of ~193,000 SOL from SwissBorg’s Solana Earn.
- Scope: Limited to Solana Earn deposits — ~1% of users, ~2% of assets; company says it will reimburse.
- Action: Users should monitor accounts, pause deposits, secure credentials, and follow SwissBorg updates.
Conclusion
The SwissBorg incident underscores the systemic risk of third‑party staking infrastructure: API vulnerabilities can directly expose user assets. SwissBorg has committed to reimburse affected customers and is coordinating with investigators and white‑hat researchers. Users should prioritize account security and monitor official updates from SwissBorg.
