Last week, the Swiss crypto exchange Swissborg reported a hack of a DeFi wallet belonging to external staking provider Kiln. Around 41 million US dollars in Solana from customers of the SOL-EARN program were affected.
Another attack has hit a crypto exchange in Crypto Valley. Following the 22 million USD hack of Zug-based platform Lykke, which had to file for bankruptcy last December, customers are understandably unsettled. In a statement on the official blog Swissborg CEO Cyrus Fazel attempted to ease the situation. The incident involved SOL worth about 41 million USD, which represents only 2% of SwissBorg’s total assets and affects less than 1% of users. Customers will not incur any losses, according to the post.
Subscribe to our newsletter
The best articles of the week, directly delivered into your mailbox.
Swissborg exploit: only Solana stakers affected
In a post on X the CEO explained that Swissborg’s systems were not hacked and that daily operations continue as normal. Customers of the “SOL-EARN” staking program were supposedly collateral damage in a larger incident affecting their institutional staking provider Kiln. Swissborg is finalizing plans to initiate an investor recovery process. An official announcement from the exchange is expected in the coming days, as CVJ.CH has learned.
Through an independent proof-of-reserves audit, CVJ.CH was able to confirm that Swissborg custodies client funds worth around 1.84 billion USD. The damage thus amounts to about 2.2% of total assets, as officially communicated. For comparison: Lykke managed around 68 million USD at the time of its incident, according to court documents - the shortfall equaled one third of client funds and was impossible to cover. Swissborg is therefore in a significantly stronger financial position.
How will SOL-EARN customers be compensated?
According to the blog post, all balances in the Swissborg app remain unchanged. Only withdrawals from the SOL-EARN strategy have been temporarily suspended until recovery measures are completed. The exchange is working with leading blockchain security specialists and law enforcement agencies to recover the funds. Swissborg guarantees affected users that they will not suffer any losses. Any shortfalls will be covered by “Swissborg’s SOL Treasury.”
When asked by CVJ.CH, the exchange declined to provide further details on the size and origin of these additional Solana reserves. The published proof-of-reserves only covers wallets holding customer funds. While only 2.2% of total assets are affected, the exploit likely drained a significant portion of the SOL-EARN strategy. Even with $1.84 billion in assets under custody, a full coverage will be costly for the exchange. The following options could be on the table to fill the gap:
- Swissborg last raised 23 million USD in a Series A funding round in 2023. The 50 million USD initial coin offering (ICO) took place almost seven years ago. Full coverage out of pocket through past funding rounds therefore appears unlikely.
- Staking providers such as Kiln typically charge a fee on staking rewards. Swissborg also allocates a certain percentage to a buyback program. Over the three years since the service was launched, several million may have accumulated this way.
- Staking provider Kiln last raised 17 million USD in a Series A funding round in December 2023. The company may also contribute to repayments, though the total damage - including clients outside Swissborg - could be even greater.
- Swissborg’s own BORG token currently trades at a market capitalization of 400 million USD. 37.5% of the original supply was reserved for the team and “future development.” The exchange could use part of these tokens to compensate users. However, this would likely create selling pressure for the BORG token.
- If ongoing business profits and the above options are insufficient to fully cover the shortfall, Swissborg could mix EARN strategy funds with its custodial Solana holdings - according to the proof-of-reserves, the exchange custodies 105 million USD in SOL for clients. While this solution would be controversial and could not withstand a bank run, it might be enough to cover the gap if carefully disguised.
Ultimately, such incidents confirm the old Bitcoin credo: "not your keys, not your coins".
