SwissBorg Gets Hacked $41 Million — SOL Earn Lost

SwissBorg confirmed a major security breach that drained roughly 193,000 SOL — nearly $41 million — from its Solana Earn staking product after an API run by staking partner Kiln was compromised. The attackers manipulated the partner API to redirect funds away from the Earn pool, underscoring the systemic risk posed by third‑party infrastructure in crypto and DeFi.

Solana Earn allows users to stake SOL for rewards; in this case the compromised API acted as the bridge between SwissBorg’s application and the staking service, enabling unauthorized withdrawals and direct access to Earn pool assets.

SwissBorg says the incident impacted a small portion of its community — roughly 1% of users and about 2% of Earn assets — and in some communications described the user impact as under 1%. Despite the loss, company leadership emphasised that the main SwissBorg app and other Earn products remain secure and that daily operations continue without disruption.

SwissBorg has paused redemptions from the Solana Earn program while teams investigate. Leadership confirmed the treasury can cover the losses immediately and pledged to reimburse affected customers.

“The treasury can cover the losses immediately” — SwissBorg has pledged to reimburse affected customers and is pursuing recovery and containment efforts.

Immediate response measures reported by SwissBorg include:

• Engaging law enforcement and external security firms
• Working with white‑hat hackers to trace and recover funds
• Blocking some suspicious transactions, indicating initial containment
• Pausing redemptions from the affected Earn product to prevent further outflows

The incident highlights growing concerns around API security, staking partner dependencies, and operational resilience across the crypto ecosystem — particularly on high‑throughput networks like Solana. SwissBorg says it will bolster security measures and review third‑party integrations to prevent similar incidents, while the broader industry watches closely for fallout and lessons on tightening custody, API controls and staking provider oversight.