SwissBorg Loses $41.5 Million in Supply Chain Attack Through Kiln Staking Provider

TL;DR

• Swiss wealth management platform SwissBorg lost approximately $41.5 million in a supply chain attack
• The breach targeted Kiln, a trusted third-party Solana staking provider, rather than SwissBorg directly
• Attackers seized control of nearly 193,000 SOL by embedding malicious instructions in a standard unstaking request
• The incident highlights growing risks of third-party dependencies in crypto infrastructure
• September 2025 saw roughly $127 million lost across 20 major crypto exploits

Swiss wealth management platform SwissBorg has become the victim of one of the largest crypto security breaches of September 2025, losing approximately $41.5 million in a sophisticated supply chain attack that exploited its third-party staking provider, Kiln. The attack, which occurred in the third week of September, did not target SwissBorg’s own infrastructure directly but instead compromised the trusted intermediary that handles Solana staking operations on its behalf.

How the Attack Unfolded

The attackers identified Kiln, a widely used staking infrastructure provider, as the weakest link in the chain. Rather than attempting to breach SwissBorg’s own security measures, they infiltrated Kiln’s systems and embedded malicious instructions within what appeared to be a routine unstaking request.

When the request was processed, the hidden payload granted the attackers control over nearly 193,000 SOL, valued at approximately $46.2 million at September 2025 prices near $239 per token. The malicious code was carefully concealed within the normal data flow of the unstaking process, making it extremely difficult to detect through standard monitoring.

The Supply Chain Vulnerability

This attack exemplifies a growing trend in crypto exploitation: targeting the interconnected web of service providers rather than the primary platforms themselves. As the crypto ecosystem has matured, projects increasingly rely on specialized infrastructure providers for staking, custody, and data services. Each of these relationships creates a potential attack surface.

Kiln, as a staking provider, had privileged access to customer funds by the very nature of its service. When that trust was compromised, the downstream effects cascaded to SwissBorg and its users. The attack demonstrates that a platform’s security posture is only as strong as its most vulnerable third-party dependency.

September 2025 Security Landscape

The SwissBorg-Kiln incident was part of a broader wave of crypto exploits during September 2025. According to blockchain security firm PeckShield, approximately 20 major crypto exploits occurred during the month, resulting in combined losses of $127 million. While this figure represents a 22% decline from August’s $163 million in losses, the month still underscored persistent vulnerabilities across the ecosystem.

Other significant September incidents included the UXLINK exploit, which ultimately cost the Web3 social project approximately $44 million through a compromised multisig wallet, and a phishing attack on the Venus lending platform that cost a single user $13 million.

Broader Trends in 2025

The SwissBorg breach fits into a troubling pattern for 2025. Blockchain security firms report that over $3.1 billion was stolen in the first half of the year alone, already surpassing the full-year total of $2.85 billion in 2024. Supply chain attacks and access control failures have emerged as dominant vectors, with wallet compromises accounting for approximately 69% of losses by value in the first half of the year.

The year has also seen a shift in attacker methodology. Rather than focusing solely on smart contract vulnerabilities, threat actors increasingly exploit operational weaknesses: compromised private keys, social engineering, and supply chain infiltration. The $1.5 billion Bybit breach in Q1 2025, attributed to North Korean-linked actors, exemplified this trend on a massive scale.

Why This Matters

The SwissBorg-Kiln attack serves as a stark reminder that decentralization does not eliminate centralized points of failure. While blockchains themselves may be secure, the infrastructure built around them often relies on trusted intermediaries that can become single points of compromise.

For users, the incident underscores the importance of understanding how and where their assets are custodied. For platforms, it highlights the critical need for rigorous due diligence on third-party providers, regular security audits of supply chain relationships, and contingency plans for when trusted partners are compromised.

As Bitcoin trades near $115,700 and Ethereum hovers around $4,480, the growing value locked in crypto ecosystems makes every vulnerability more lucrative for attackers. The industry’s security practices must evolve at least as quickly as the threats they face.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making investment decisions.