Swiss Crypto Platform SwissBorg Hit by $41.5M SOL Hack After Partner API Compromise

Swiss crypto platform SwissBorg lost $41.5 million worth of Solana (SOL) tokens after hackers compromised partner API provider Kiln, marking the latest in a devastating series of cyber attacks that struck the crypto ecosystem within hours of each other. On-chain investigator ZachXBT reported that approximately 192,600 SOL tokens were stolen from SwissBorg’s SOL Earn program, affecting less than 1% of ￰0￱ platform immediately allocated its SOL treasury to cover most user losses while engaging white-hat hackers for fund recovery ￰1￱ confirmed that its SOL treasury will compensate affected users for the majority of their losses, with final figures to be ￰2￱ company emphasized that its strong financial health remains intact, and it will continue day-to-day operations unaffected by the security ￰3￱ Earn Incident & SwissBorg Recovery Plan A partner API was compromised, impacting our SOL Earn Program (~193k SOL, Rest assured, the SwissBorg app remains fully secure and all other funds in Earn programs are 100% ￰4￱ recovery ￰5￱ Actions… — SwissBorg (@swissborg) September 8, 2025 Quite a Day in Crypto: Cascade of Security Failures The SwissBorg incident coincided with multiple high-profile breaches across the crypto ￰6￱ today, Nemo Protocol on the Sui blockchain suffered a $2.4 million exploit that crashed its total value locked from $6.3 million to $1.57 million as users fled the ￰7￱ attack targeted Nemo’s yield-trading mechanism, which splits staked assets into Principal Tokens and Yield Tokens for speculation ￰8￱ detected the breach as hackers swiftly moved stolen USDC via Circle by bridging from Arbitrum to ￰9￱ the exploit, user withdrawals exceeded $3.8 million worth of USDC and SUI ￰10￱ halted all smart contract operations during scheduled maintenance windows to investigate the vulnerability’s root ￰11￱ today, the Solana project Aqua executed a $4.65 million rug pull involving 21,770 SOL tokens after promotion by teams including Meteora, Quill Audits, Helius, SYMMIO, and Dialect.).

It changes the destination address of transactions and… — cygaar (@0xCygaar) September 8, 2025 The malware uses Levenshtein distance algorithms to execute the large-scale ￰12￱ crypto addresses are detected, the system replaces them with attacker addresses across Bitcoin, Ethereum, Solana, Tron, Litecoin, and Bitcoin Cash. Additionally, npm swiftly removed compromised packages, but transitive dependencies in tools like Babel and ESLint create persistent ￰13￱ are advised to use npm ci in build pipelines and pin affected packages to the last known safe ￰14￱ Grapples with Escalating Security Crisis The crypto ecosystem has been massively disrupted today, which could be regarded as one of the worst days for crypto security this ￰15￱ far this year, access control vulnerabilities, including misconfigured wallets and compromised legacy keys, represent 59% of industry losses according to Hacken’s mid-year ￰16￱ Sui blockchain faces particular scrutiny following the Nemo breach and May’s $223 million Cetus Protocol ￰17￱ earlier attack leveraged arithmetic overflow flaws in third-party code libraries, draining funds within 15 minutes.

Similarly, Venus Protocol lost $13.5 million earlier this month, while Bunni Protocol suffered $8.4 million in ￰18￱ latest hack marks the fourth major DeFi hack this month ￰19￱ frequency of attacks has accelerated despite increased security awareness and audit ￰20￱ warns that security risks arise from multiple sources, including coding errors, blockchain network vulnerabilities, and programming language ￰21￱ npm attack is particularly disturbing as it represents large-scale supply chain compromises, potentially affecting millions of unaware users across thousands of websites and applications.