SwissBorg Hit by $41.5M SOL Hack After API Partner Breach

Crypto Journalist

Anas Hassan

Crypto Journalist

Anas Hassan

About Author

Anas is a crypto native journalist and SEO writer with over five years of writing experience covering blockchain, crypto, DeFi, and emerging tech.

Last updated:

September 8, 2025

Swiss crypto platform SwissBorg lost $41.5 million worth of Solana (SOL) tokens after hackers compromised partner API provider Kiln, marking the latest in a devastating series of cyber attacks that struck the crypto ecosystem within hours of each other.

On-chain investigator ZachXBT reported that approximately 192,600 SOL tokens were stolen from SwissBorg’s SOL Earn program, affecting less than 1% of users.

The platform immediately allocated its SOL treasury to cover most user losses while engaging white-hat hackers for fund recovery efforts.

SwissBorg confirmed that its SOL treasury will compensate affected users for the majority of their losses, with final figures to be determined.

The company emphasized that its strong financial health remains intact, and it will continue day-to-day operations unaffected by the security incident.

SOL Earn Incident & SwissBorg Recovery Plan

A partner API was compromised, impacting our SOL Earn Program (~193k SOL, <1% of users).
👉 Rest assured, the SwissBorg app remains fully secure and all other funds in Earn programs are 100% safe.

Our recovery plan.
Immediate Actions…

— SwissBorg (@swissborg) September 8, 2025

Quite a Day in Crypto: Cascade of Security Failures

The SwissBorg incident coincided with multiple high-profile breaches across the crypto ecosystem.

Earlier today, Nemo Protocol on the Sui blockchain suffered a $2.4 million exploit that crashed its total value locked from $6.3 million to $1.57 million as users fled the platform.

The attack targeted Nemo’s yield-trading mechanism, which splits staked assets into Principal Tokens and Yield Tokens for speculation purposes.

PeckShieldAlert detected the breach as hackers swiftly moved stolen USDC via Circle by bridging from Arbitrum to Ethereum.

Following the exploit, user withdrawals exceeded $3.8 million worth of USDC and SUI tokens. Nemo halted all smart contract operations during scheduled maintenance windows to investigate the vulnerability’s root cause.

Just today, the Solana project Aqua executed a $4.65 million rug pull involving 21,770 SOL tokens after promotion by teams including Meteora, Quill Audits, Helius, SYMMIO, and Dialect.

Swiss Crypto Platform SwissBorg Hit by $41.5M SOL Hack After Partner API Compromise — Source: Telegram

The funds were split four ways and transferred through intermediary addresses before reaching instant exchanges.

The team disabled Twitter replies across all posts following the exit scam.

These attacks contribute to 2025’s $2.37 billion in DeFi losses across 121 security incidents during the first half alone.

DeFi protocols account for 76% of breach cases, though centralized exchanges recorded higher single losses.

npm Supply Chain Attack Threatens Entire Ecosystem

On a massive scale, hackers compromised the npm account of respected developer Josh Goldberg, publishing malicious versions of 18 popular JavaScript packages, including chalk and debug.

The affected packages receive over 2 billion weekly downloads, potentially exposing the entire JavaScript ecosystem.

The sophisticated crypto-clipper malware intercepts browser functions to hijack crypto transactions by replacing recipient addresses with attacker-controlled wallets.

The payload targets foundational packages like strip-ansi, color-convert, and error-ex buried deep within dependency trees.

Security experts warned users to verify every hardware wallet transaction and avoid web-based on-chain activity until patches are deployed.

I would strongly recommend not signing any crypto transactions right now.

There is a huge supply chain attack on popular NPM packages that may have compromised various crypto websites (frontend, not the actual contracts).

It changes the destination address of transactions and…

— cygaar (@0xCygaar) September 8, 2025

The malware uses Levenshtein distance algorithms to execute the large-scale hack.

When crypto addresses are detected, the system replaces them with attacker addresses across Bitcoin, Ethereum, Solana, Tron, Litecoin, and Bitcoin Cash.

Additionally, npm swiftly removed compromised packages, but transitive dependencies in tools like Babel and ESLint create persistent risks.

Developers are advised to use npm ci in build pipelines and pin affected packages to the last known safe versions.

Industry Grapples with Escalating Security Crisis

The crypto ecosystem has been massively disrupted today, which could be regarded as one of the worst days for crypto security this year.

So far this year, access control vulnerabilities, including misconfigured wallets and compromised legacy keys, represent 59% of industry losses according to Hacken’s mid-year assessment.

The Sui blockchain faces particular scrutiny following the Nemo breach and May’s $223 million Cetus Protocol exploit.

The earlier attack leveraged arithmetic overflow flaws in third-party code libraries, draining funds within 15 minutes.

Similarly, Venus Protocol lost $13.5 million earlier this month, while Bunni Protocol suffered $8.4 million in theft. This latest hack marks the fourth major DeFi hack this month alone.

The frequency of attacks has accelerated despite increased security awareness and audit practices.

CertiK warns that security risks arise from multiple sources, including coding errors, blockchain network vulnerabilities, and programming language limitations.

The npm attack is particularly disturbing as it represents large-scale supply chain compromises, potentially affecting millions of unaware users across thousands of websites and applications.