SwissBorg hack: $41.5M in Solana stolen
SwissBorg suffered a serious hack: $41.5M in Solana stolen from the SOL Earn programme after an API exploit.
SwissBorg, a crypto wallet and exchange service, has confirmed that a major security breach allowed attackers to steal Solana (SOL) worth $41.5 million from its staking protocol.
The attack, conducted against the company's SOL Earn programme, was made possible by cybercriminals exploiting an API vulnerability.
Details of the attack
Crypto investigator ZachXBT was the first to inform the community of the ongoing theft, posting an alert message on Telegram that spoke of a "serious Solana hack" in progress. SwissBorg immediately responded in the same thread, alerting users that its Solana staking programme had been completely compromised.
Subsequently, the company confirmed that the hack only affected the SOL Earn programme. Nevertheless, the losses for the company are expected to be significant, as SwissBorg has been among Solana's most vocal supporters in recent years. CEO Cyrus Fazel had even praised SOL's bullish outlook in an interview in 2024.
On-chain data from Arkham Intelligence indicate that SwissBorg held $72.6 million in Solana prior to the attack. If confirmed, the hackers would have been able to drain well over half of the company's total SOL reserves. The SOL Earn programme accounted for about 1% of the user base before the attack, so it is not yet clear to what extent the incident impacted the platform as a whole. However, a loss of this magnitude will inevitably affect the company's treasury.
SwissBorg has confirmed that it will reimburse customers using its own funds, to return a 'significant portion' of their balances. Without an effective recovery, however, the platform has admitted that it will not be able to fully reimburse all affected users.
Consequences for the industry
Hacks based on API exploits are becoming an increasingly common attack vector in the crypto industry. Even when a platform's internal security measures are robust, partner integrations can be a weak point. A recent JavaScript exploit has shaken up the industry, highlighting the inherent risks of such collaborations.
ZachXBT, who has been warning the community for months of the arrival of a 'criminal super-cycle', described the exploit against SwissBorg as the work of highly organised cyber criminals, capable of stealing millions from digital asset platforms.
Recovery plans
SwissBorg said it will be transparent in its investigation of the theft. The CEO, Cyrus Fazel, scheduled a live broadcast in the afternoon to outline the company's future plans.
In the meantime, blockchain investigators and white-hat hackers are tracking the movement of stolen funds to support recovery operations. Although the effectiveness of crypto crime prevention remains debatable, the incident will likely add to the demand for greater security for platforms and their ecosystems.