Swiss crypto wealth management platform SwissBorg said hackers stole 193,000 Solana (SOL) tokens worth about $41 million after exploiting the API of its staking partner Kiln.
The attack hit SwissBorg’s Solana Earn program, where users deposit SOL to earn staking rewards without running validator nodes themselves. The program accounts for about 1% of users and 2% of assets. SwissBorg confirmed that its app and other Earn products, including Bitcoin and Ethereum, were not affected.
SOL’s price briefly fell from $217 to near $212 after news of the breach, before rebounding later in the day to recover most of its losses
SwissBorg’s Kiln API Breach Opens Door to Exploit
The breach originated at Kiln, a third-party staking infrastructure provider. Hackers compromised Kiln’s API, the connection that links SwissBorg’s app with Solana’s staking network, and used it to reroute funds. On-chain investigator ZachXBT reported that around 192,600 SOL tokens were drained.
SwissBorg and Kiln issued a joint statement confirming the exploit and said their teams “immediately activated incident response protocols to contain the situation.” Staking through Kiln has been paused while investigations continue.
SwissBorg CEO Cyrus Fazel described the incident in an X Space as “a bad day but not a fatal blow.” He added that the company’s treasury holds enough reserves to reimburse all affected users. The platform said it is also working with law enforcement agencies, exchanges, and white-hat hackers to trace the stolen funds, some of which have already been blocked. Blockchain records show the tokens were moved to a wallet now labeled “SwissBorg Exploiter” on Solscan, and users have been warned not to interact with the address.
You May Also Like: ZachXBT Exposes Crypto Crime Supercycle as 2025 Hacks and Scams Rise
A Day of Multiple Crypto Breaches
The SwissBorg exploit was not an isolated event. Within hours, several other projects reported major security failures.
On the Sui blockchain, Nemo Protocol lost about $2.4 million in USDC after an exploit drained its contracts. The attack cut its total value locked from more than $6 million to $1.5 million. Security firm PeckShield flagged the breach as attackers bridged funds to Ethereum, prompting Nemo to halt its contracts while it investigates.
Around the same time, Aqua, a Solana-based project, executed a rug pull worth roughly $4.65 million. The team disappeared with 21,770 SOL after promotion from partners including Meteora and Quill Audits. The funds were split across multiple addresses before being cashed out, and the project’s accounts disabled user replies after the exit.
In a separate blow to the broader Web3 ecosystem, hackers compromised 18 popular npm packages including chalk and debug. These are tools widely used in blockchain and browser applications. The malware intercepted crypto transactions and redirected them to attacker-controlled wallets. Security experts warned the incident could affect millions of users across multiple chains, given the packages’ billions of weekly downloads.
Industry trackers estimate that decentralized finance projects have lost $2.37 billion across 121 incidents so far in 2025. Roughly three-quarters of all breaches were linked to DeFi protocols, though centralized platforms suffered the largest single-event losses.
