SwissBorg (via Kiln staking partner): Partner API compromise — withdrawal authority transfer via hidden staking instructions
Kiln's compromised API let attackers bury 8 withdrawal authority changes inside a routine Solana unstaking transaction, then drain 192,600 SOL ($41.5M) from SwissBorg's staking program 8 days later.
Summary
SwissBorg (via Kiln staking partner) suffered a Staking / Yield (via third-party API) incident on 2025-09-08, resulting in a loss of approximately $42M.
What happened
Kiln's compromised API let attackers bury 8 withdrawal authority changes inside a routine Solana unstaking transaction, then drain 192,600 SOL ($41.5M) from SwissBorg's staking program 8 days later.
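A pre-signing allowlist check for the pattern described above: a transaction built by a partner API is decoded, and anything other than the expected unstake instruction is reported before it is signed. This is an added example, not code from SwissBorg or Kiln. It assumes the message has already been decoded into (program_id, data) pairs and relies on the Solana Stake program's instruction encoding; the sample transaction and key are constructed.

```python
import struct

STAKE_PROGRAM = "Stake" + "1" * 38  # Solana native Stake program id
DEACTIVATE = 5                      # StakeInstruction::Deactivate (u32 LE tag)
# Tags that reassign an authority -> offset of the StakeAuthorize field:
# Authorize(1), AuthorizeWithSeed(8), AuthorizeChecked(10), AuthorizeCheckedWithSeed(11)
KIND_OFFSET = {1: 36, 8: 36, 10: 4, 11: 4}
KIND = {0: "staker", 1: "withdrawer"}


def audit_unstake(instructions):
    """Allowlist check for an unsigned unstake transaction.

    `instructions` is a list of (program_id, data) pairs, assumed already
    decoded from the message returned by the staking API. Anything other
    than a plain Deactivate is reported as (index, reason, detail).
    """
    findings = []
    for i, (program, data) in enumerate(instructions):
        if program != STAKE_PROGRAM:
            findings.append((i, "unexpected-program", program))
            continue
        if len(data) < 4:
            findings.append((i, "malformed", data.hex()))
            continue
        tag = struct.unpack_from("<I", data)[0]
        if tag == DEACTIVATE:
            continue
        off = KIND_OFFSET.get(tag)
        if off is None:
            findings.append((i, "unexpected-stake-instruction", str(tag)))
        elif len(data) < off + 4:
            findings.append((i, "malformed", data.hex()))
        else:
            kind = struct.unpack_from("<I", data, off)[0]
            findings.append((i, "authority-change", KIND.get(kind, "unknown")))
    return findings


# Constructed sample: one Deactivate followed by 8 Authorize(withdrawer) calls.
NEW_AUTHORITY = bytes(range(32))  # constructed placeholder key, not a real address
authorize = struct.pack("<I", 1) + NEW_AUTHORITY + struct.pack("<I", 1)
SAMPLE_TX = [(STAKE_PROGRAM, struct.pack("<I", 5))] + [(STAKE_PROGRAM, authorize)] * 8

if __name__ == "__main__":
    for finding in audit_unstake(SAMPLE_TX):
        print(finding)
```

The check is deliberately strict: instructions from any other program are flagged too, so anything a legitimate unstake flow needs beyond Deactivate has to be added to the allowlist explicitly.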
Linked factors
- RD-F-007 — related: Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-062 — causal: External keeper/relayer dependency not redundant [via cross-hack: Factor 32: Third-Party API / Infrastructure Dependency; via cross-hack: Factor 8: Off-Chain Infrastructure Dependency]
- RD-F-101 — illustrative: Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action: Y — Withdrawal authority was transferred via Kiln's compromised API; appeared as routine staking operations]
- RD-F-105 — causal: DNS / CDN / frontend change detected [via cross-hack: Factor 8: Off-Chain Infrastructure Dependency]