SwissBorg Hit by $41M Solana Theft in Kiln API Compromise

The company clarified that only 1% of users were affected and pledged full reimbursement. meanwhile, a massive supply chain hack targeting JavaScript libraries downloaded over a billion times, but surprisingly only netted attackers less than $50 in stolen crypto. However, experts warned that the potential risks are still ￰0￱ Steal $41M in SOL from SwissBorg SwissBorg, a Switzerland-based crypto wealth management platform, confirmed that it suffered a security breach involving its staking partner Kiln that resulted in the theft of about 193,000 Solana ￰1￱ exploit targeted Kiln’s API, and drained funds from SwissBorg’s Solana Earn program which amounted to roughly $41 million at the time of the ￰2￱ the scale of the hack, SwissBorg explained that its app and other Earn products were unaffected, with the vulnerability traced back to Kiln’s infrastructure rather than its own ￰3￱ attacks like this one exploit the software bridge that enables communication between different ￰4￱ this case, Kiln’s API was compromised, which allowed hackers to manipulate requests and siphon tokens meant for staking on the Solana ￰5￱ stated that the breach only impacted users who deposited Solana into its Earn program, which makes up about 1% of its customer base and 2% of total assets under ￰6￱ Cyrus Fazel addressed the issue in an X Space , and admitted that the loss was big but it did not threaten the company’s overall financial ￰7￱ Fazel during an X Space addressing the hack The Solana Earn program, powered by Kiln, was designed to make staking simple for retail investors who might not want to deal with the complexities of running validator nodes or engaging directly with DeFi ￰8￱ the attack was a setback, SwissBorg reassured its customers that affected users will be ￰9￱ company also pointed out that its treasury reserves were strong enough to cover losses immediately and pledged to move forward with reimbursements while continuing to work with international agencies, exchanges, and white-hat hackers to trace and block stolen ￰10￱ data shows that the stolen assets were routed to a Solana wallet now flagged on Solscan as belonging to the “SwissBorg Exploiter.” The company advised users to avoid interacting with this address during their ￰11￱ described the incident as “a bad day for SwissBorg,” but one that will ultimately serve as a learning ￰12￱ the disruption, SwissBorg said daily operations remain unaffected, and its broader suite of crypto yield products is still intact. $50 Lost in Supply Chain Hack Meanwhile, hackers have managed to steal less than $50 worth of crypto in what researchers are calling a massive supply chain attack targeting JavaScript software ￰13￱ to security intelligence platform Security Alliance , attackers broke into the node package manager (NPM) account of a well-known developer and inserted malware into popular libraries downloaded more than a billion ￰14￱ breach specifically targeted Ethereum and Solana wallets, but so far the actual damage has been ￰15￱ Alliance revealed that the only malicious address it has identified, an Ethereum wallet labeled “0xFc4a48,” received just a handful of tokens including ETH and several meme coins like Brett, Andy, Dork Lord, Ethervista, and Gondola.

Initially, the value of the compromised funds was reported at just five cents, before climbing to around $50 as more small transfers were ￰16￱ relatively tiny haul prompted Security Alliance to say that hackers squandered what could have been one of the most damaging supply chain exploits in the industry’s ￰17￱ attack involved packages like chalk, strip-ansi, and color-convert, which are deeply embedded in the dependency chains of countless ￰18￱ means even developers who never installed the compromised packages directly may still be exposed if their projects depend on them ￰19￱ malware that was planted appears to be a crypto-clipper, which is designed to silently swap out wallet addresses during transactions to siphon ￰20￱ the low dollar impact so far, experts are urging caution.

Ledger’s chief technology officer Charles Guillemet advised users to carefully verify on-chain transactions, but Ledger confirmed its hardware devices were not directly affected. Meanwhile, 0xngmi, founder of DeFiLlama, mentioned that only crypto projects that updated after the malicious NPM code was pushed are at risk, and even then, users would need to approve the compromised transactions for funds to be taken. Still, he thinks that users may want to avoid interacting with crypto websites until developers confirm that their platforms are no longer relying on infected ￰21￱ the outcome so far seems like a missed opportunity for attackers, the sheer scale of the breach shed some light on the fragility of supply chain security in open-source software and how deeply even small libraries are integrated into critical crypto infrastructure.