Hackers Drain $41 Million in Solana From SwissBorg’s Earn Program

SwissBorg, a Switzerland-based crypto wealth management platform, said hackers exploited a vulnerability in the systems of its staking partner Kiln, stealing about 193,000 Solana tokens worth roughly $41 million from its Earn program.

Solana (SOL) is the fifth-largest blockchain by market capitalization, with a circulating market value of about $78 billion as of ahead September 2025, making exploits on its ecosystem especially high-profile.

The company stressed that its main app and other Earn products were not affected, and operations remain normal. Affected customers, representing around 1% of SwissBorg’s user base and 2% of total assets, will be contacted directly, it said in a post on X.

SwissBorg has more than 750,000 verified users across Europe and manages client assets of roughly $1.2 billion, according to company disclosures earlier this year.

A contained but costly breach

The attack targeted Kiln’s application programming interface (API), which SwissBorg used to connect its app to Solana’s staking network. By manipulating API requests, hackers siphoned tokens from accounts linked to SwissBorg’s Solana Earn product. Blockchain data shows the stolen funds were routed to a Solana wallet now flagged as the “SwissBorg Exploiter” on Solscan.

On-chain investigators noted that the attackers rapidly split the haul into smaller tranches and used decentralized platforms to obfuscate their trail, a tactic also viewn in recent hacks on Curve Finance and Mixin Network.

“This is a large amount of money, but it doesn’t put SwissBorg at risk,” CEO Cyrus Fazel said during an X Space shortly later than the breach was disclosed, calling it “a poor day” but not a fatal blow. He added the company has enough reserves to reimburse affected customers and has already begun working with platforms, international agencies, and white-hat hackers to recover funds. Some suspicious transactions have reportedly been frozen.

Fazel also revealed that SwissBorg maintains a corporate treasury buffer equal to at least 5% of customer deposits specifically to cover black swan events, an internal policy that will now be stress-tested.

SwissBorg’s Earn program allows users to deposit cryptocurrencies such as SOL, BTC and ETH to earn staking rewards through third-party infrastructure like Kiln, without directly managing Block confirmer nodes or DeFi protocols.

At the time of the breach, the Solana Earn product offered an annualized yield of about 7%, drawing heavy interest from retail investors. Overall, SwissBorg’s Earn suite contributes nahead 40% of the platform’s total revenues, making security of external integrations mission-critical.

The firm said the Solana hack will serve as a “learning experience” and vowed to tighten oversight of its external technology partners.

SwissBorg previously faced scrutiny in 2022, when the collapse of Celsius and Voyager raised questions about the securety of Earn-type programs. At the time, SwissBorg emphasized that it avoided risky lending and instead focused on staking-based yields — an approach now under renewed examination.

Kiln, which provides staking infrastructure across blockchains including Solana and ETH, has not yet commented publicly on the breach. The Paris-based firm raised $17 million in a Series A round in 2022, backed by ConsenSys and Kraken Ventures, and manages more than $2 billion in staked assets for institutional clients, according to PitchBook data.

The incident highlights ongoing vulnerabilities in crypto’s infrastructure layer, where service providers such as wallet custodians and staking operators remain frequent targets for sophisticated exploits. According to Chainalysis, more than $1.4 billion has been stolen in crypto-related hacks so far in 2025, with infrastructure providers accounting for nahead 30% of total losses.