The SwissBorg SOL Earn Exploit: $41 Million Infrastructure Attack
By [Your Name] – Security Research Team
Introduction
On September 8, 2025, SwissBorg, a European crypto wealth management platform, suffered an exploit on its Solana staking product, SOL Earn. Attackers compromised an API with elevated signing privileges, draining approximately $41 million from staking accounts. This incident underscores the risk of infrastructure-layer vulnerabilities.
The Attack Vector
The attacker gained access to an API key that had authority to initiate withdrawals from staking accounts. It is believed the API credentials were stolen via phishing or an internal breach. Unlike private key theft, this attack exploited how the application interacted with the blockchain: the compromised API was already authorized to initiate withdrawals, so no wallet key had to be stolen.
What Was Affected
| Component | Impact |
|---|---|
| SOL Earn staking accounts | Fully compromised (funds drained) |
| Other SwissBorg products | Unaffected |
| User funds | Eventually restored by SwissBorg |
The Recovery Process
SwissBorg immediately revoked the compromised API keys, secured remaining funds, and communicated with affected users. The company used its reserves to restore user balances, highlighting the importance of solvency and insurance.
Prevention Strategies
- API key rotation and minimal permissions: Keys should have the least privilege necessary.
- Multi-signature withdrawals: Require multiple approvals for large operations.
- Behavioral monitoring: Detect unusual withdrawal patterns.
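
The three controls above can be combined in a single authorization gate placed in front of the withdrawal API. The sketch below is an added example, not SwissBorg's code; the scope name `stake:withdraw`, the key ids, the approver names and every threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# All names, thresholds and key ids below are constructed for illustration.
LARGE_SOL = 1_000        # withdrawals above this need multiple approvers
QUORUM = 2               # distinct approvers required for large withdrawals
WINDOW_S = 3600          # rolling window (seconds) for velocity monitoring
WINDOW_CAP_SOL = 5_000   # max SOL a single key may move per window

@dataclass
class ApiKey:
    key_id: str
    scopes: frozenset

@dataclass
class WithdrawalGate:
    history: dict = field(default_factory=dict)  # key_id -> [(ts, amount)]

    def decide(self, key, amount, approvers, now):
        """Return (allowed, reason) for one withdrawal request."""
        # 1. Least privilege: the key must carry the withdraw scope explicitly.
        if "stake:withdraw" not in key.scopes:
            return False, "scope_denied"
        # 2. Multi-approval: large amounts need QUORUM distinct approvers,
        #    and the requesting key cannot approve its own request.
        distinct = set(approvers) - {key.key_id}
        if amount > LARGE_SOL and len(distinct) < QUORUM:
            return False, "quorum_missing"
        # 3. Behavioral monitoring: cap total outflow per key per window,
        #    so a drain split into many small withdrawals is still stopped.
        recent = [(t, a) for t, a in self.history.get(key.key_id, [])
                  if now - t < WINDOW_S]
        if sum(a for _, a in recent) + amount > WINDOW_CAP_SOL:
            return False, "velocity_exceeded"
        recent.append((now, amount))
        self.history[key.key_id] = recent
        return True, "ok"

if __name__ == "__main__":
    gate = WithdrawalGate()
    ops = ApiKey("ops-key", frozenset({"stake:withdraw"}))
    ro = ApiKey("read-key", frozenset({"stake:read"}))
    print(gate.decide(ro, 10, [], 0))                       # read-only key
    print(gate.decide(ops, 4_000, ["alice"], 0))            # one approver
    print(gate.decide(ops, 4_000, ["alice", "bob"], 0))     # quorum met
    print(gate.decide(ops, 900, [], 60))                    # small, under cap
    print(gate.decide(ops, 900, [], 120))                   # pushes past cap
```

A denied decision with reason `velocity_exceeded` or `quorum_missing` is also the event worth alerting on, since it indicates a valid key being used outside its normal pattern.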
Research Value
This case is a prime example of how infrastructure attacks differ from wallet-level thefts. Researchers can study the attack to understand API security best practices.

