SwissBorg

SwissBorg, a Switzerland-based cryptocurrency platform, suffered a cyber incident where approximately $41 million worth of cryptocurrency (192,600 Solana coins) was stolen from an external decentralized finance wallet managed by its partner, Kiln, a cryptocurrency infrastructure company. The breach occurred via Kiln’s API, which SwissBorg used to interact with Solana’s blockchain. While SwissBorg’s own platform was not directly hacked, the incident exposed vulnerabilities in its third-party dependencies. The stolen funds accounted for 2% of SwissBorg’s total assets, affecting 1% of its users. The company assured full compensation for victims and collaborated with blockchain security firms (e.g., Chainalysis, ZachXBT) and law enforcement to investigate and recover funds. SwissBorg paused Solana staking transactions to prevent further exposure. Kiln confirmed the attack’s root cause was identified, and both firms activated incident response protocols to contain the breach. Despite the significant financial loss, SwissBorg emphasized its financial stability and commitment to mitigating the impact.

Source: https://therecord.media/swissborg-platform-solana-cryptocurrency-stolen

TPRM report: https://www.rankiteo.com/company/swissborg

"id": "swi2192621091025",
"linkid": "swissborg",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': '1% of users',
                        'industry': 'financial services (DeFi/crypto)',
                        'location': 'Switzerland',
                        'name': 'SwissBorg',
                        'type': 'cryptocurrency platform'},
                       {'industry': 'blockchain/DeFi',
                        'name': 'Kiln',
                        'type': 'cryptocurrency infrastructure company'}],
 'attack_vector': ['compromised API', 'unauthorized wallet access'],
 'customer_advisories': ['assurance of full compensation',
                         'temporary pause on Solana staking'],
 'date_detected': '2025-MM-DD (exact date not specified; incident occurred on '
                  'a Monday, reported on Tuesday)',
 'date_publicly_disclosed': '2025-MM-DD (disclosed on Tuesday following Monday '
                            'breach)',
 'description': 'The SwissBorg platform reported that approximately $41 '
                'million worth of cryptocurrency (192,600 Solana coins) was '
                'stolen during a cyber incident affecting its partner company, '
                'Kiln. The breach occurred via Kiln’s API, which SwissBorg '
                'uses to communicate with Solana. The stolen funds represent '
                '2% of SwissBorg’s total assets, and about 1% of users were '
                'affected. SwissBorg pledged to compensate all affected '
                'customers and is investigating the incident with blockchain '
                'security firms (e.g., Chainalysis, ZachXBT) and law '
                'enforcement. Kiln confirmed unauthorized access to a staking '
                'wallet and paused Solana staking transactions to prevent '
                'further impact.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'high-profile breach and compensation '
                                       'efforts',
            'downtime': 'Solana staking transactions paused (duration '
                        'unspecified)',
            'financial_loss': '$41 million (192,600 Solana coins)',
            'operational_impact': 'Temporary suspension of Solana staking; 1% '
                                  'of users affected',
            'systems_affected': ['Kiln’s API', 'Solana staking wallet']},
 'initial_access_broker': {'entry_point': 'Kiln’s API (used for Solana staking '
                                          'operations)',
                           'high_value_targets': ['Solana staking wallet']},
 'investigation_status': 'ongoing (root cause identified by Kiln; recovery '
                         'efforts in progress)',
 'motivation': 'financial gain (cryptocurrency theft)',
 'post_incident_analysis': {'root_causes': 'API vulnerability in Kiln’s '
                                           'infrastructure'},
 'references': [{'source': 'SwissBorg public statement'},
                {'source': 'Kiln blog post'},
                {'source': 'Chainalysis cryptocurrency theft report (2025)'}],
 'response': {'communication_strategy': ['public statements',
                                         'CEO video update',
                                         'blog post by Kiln'],
              'containment_measures': ['paused Solana staking transactions',
                                       'blocked suspicious transactions via '
                                       'global exchanges'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['compensation for affected users',
                                    'attempting to recover stolen funds'],
              'third_party_assistance': ['Chainalysis',
                                         'ZachXBT',
                                         'other blockchain security firms']},
 'stakeholder_advisories': ['CEO video update', 'public compensation pledge'],
 'title': 'SwissBorg Cryptocurrency Theft via Partner (Kiln) API Breach',
 'type': ['cyberattack',
          'cryptocurrency theft',
          'API breach',
          'unauthorized access'],
 'vulnerability_exploited': 'API security flaw in Kiln’s infrastructure (used '
                            'for Solana staking operations)'}

SwissBorg

Ronald Reagan Washington National Airport: What to do after a data breach, according to identity theft experts

Telus Digital and Telus Corp.: Telus Digital investigates cyberattack on 'limited number' of its systems

Microsoft: Paubox Research on Email Security Identifies Top Security Risks in 2026