Lessons From The Recent Solana Hack: Rethinking Staking Security

Sep 25, 2025

A Wake-Up Call for Staking Security

The recent string of incidents in staking and blockchain infrastructure highlights a truth our industry can’t ignore: resilience, security, and compliance are everything. From infrastructure issues that forced validator exits, to the $41M API compromise impacting SwissBorg, to the ripple effects of Node Package Manager (NPM) vulnerabilities — these events remind us how critical it is to choose partners that prioritize security and operational stability above all else.

On September 8, 2025, a major staking platform suffered an API compromise that enabled attackers to redirect withdrawal authority over Solana staking accounts. Coindesk covered the incident under the headline "SwissBorg’s SOL Earn Wallet Exploited for $41.5M After Partner's API Is Compromised." Roughly $41 million worth of SOL was stolen out of staking programs.

How It Happened

The attacker exploited a vulnerability in an API with elevated signing privileges. By manipulating this API, the attacker was able to:

  • Change withdrawal authority for Solana stake accounts.
  • Create and sign unauthorized transactions.
  • Drain funds directly from affected stake accounts.
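
A monitoring check for the sequence above, as an added example that is not part of the original post or any vendor's code: it flags withdraw-authority changes and withdrawals that point at addresses outside a client allowlist, plus bursts of authority changes signed by one key. The instruction records, field names and addresses are constructed assumptions; map them to whatever your indexer emits.

```python
from collections import Counter

# Constructed sample of parsed stake-program instructions (assumed field names).
SAMPLE_TXS = [
    {"signature": "sig-1", "instructions": [
        {"program": "stake", "type": "authorize", "info": {
            "stakeAccount": "StakeAcct1", "authority": "ApiSigner",
            "newAuthority": "ClientColdWallet", "authorityType": "Withdrawer"}}]},
    {"signature": "sig-2", "instructions": [
        {"program": "stake", "type": "authorize", "info": {
            "stakeAccount": "StakeAcct2", "authority": "ApiSigner",
            "newAuthority": "UnknownAddr", "authorityType": "Withdrawer"}}]},
    {"signature": "sig-3", "instructions": [
        {"program": "stake", "type": "withdraw", "info": {
            "stakeAccount": "StakeAcct2", "destination": "UnknownAddr",
            "lamports": 5_000_000_000}}]},
    {"signature": "sig-4", "instructions": [
        {"program": "stake", "type": "delegate", "info": {
            "stakeAccount": "StakeAcct3", "stakeAuthority": "ApiSigner"}}]},
]

def review(txs, allowed, bulk_threshold=2):
    """Return (signature, stake_account, reason) alerts for risky stake ops."""
    alerts, changes = [], Counter()
    for tx in txs:
        for ix in tx["instructions"]:
            if ix.get("program") != "stake":
                continue
            info = ix["info"]
            if ix["type"] == "authorize" and info["authorityType"] == "Withdrawer":
                changes[info["authority"]] += 1
                if info["newAuthority"] not in allowed:
                    alerts.append((tx["signature"], info["stakeAccount"],
                                   "withdraw authority moved to unlisted address"))
                # Fire once, when a single signer reaches the burst threshold.
                if changes[info["authority"]] == bulk_threshold:
                    alerts.append((tx["signature"], info["stakeAccount"],
                                   "bulk withdraw-authority changes by one signer"))
            elif ix["type"] == "withdraw" and info["destination"] not in allowed:
                alerts.append((tx["signature"], info["stakeAccount"],
                               "withdrawal to unlisted destination"))
    return alerts

ALERTS = review(SAMPLE_TXS, allowed={"ClientColdWallet"})
```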

Why It Escalated

Two key conditions amplified the impact:

  • Centralized control over both stake and withdrawal authority — once the API was compromised, accounts under its control were exposed.
  • Automated signing permissions — the API had privileges for critical operations (changing withdrawal authority, deactivating stakes, and withdrawing funds), which the attacker fully exploited.

The SwissBorg Solana incident resulted in roughly $41 million in SOL being drained across multiple stake accounts, though it was confined to Solana staking products and did not impact other chains or services. SwissBorg acted swiftly, acknowledged the SOL Earn incident, and immediately began recovery efforts, with assurances that affected users would be reimbursed. Beyond the direct financial loss, the episode underscored how quickly a single compromised API can trigger catastrophic consequences: eroding trust, exposing institutions and retail users to compliance risks, and demonstrating the fragility of systems that lack robust privilege separation.

While the immediate losses were confined to Solana staking accounts, the compromised API had broader implications. The same infrastructure also managed withdrawal credentials for Ethereum validators through a smart contract accessible by the API. Out of caution, as Coindesk reported under the headline "Kiln Exits Ethereum Validators in ‘Orderly’ Move Following SwissBorg Exploit," Kiln exited its Ethereum validators to return ETH to stakers. This precaution underscores that the consequences of an API breach can extend far beyond a single network or asset: not only the $41M stolen in SOL, but the systemic exposure that arises when critical signing authority is concentrated and accessible through vulnerable interfaces.

Technical Failures Become Institutional Risks

When validators are forced offline or compromised, the technical impact is only part of the story. Institutions and partners who rely on consistent staking rewards, seamless validator operations, and uninterrupted uptime also face reputational, compliance, and financial challenges. These ripple effects can erode trust far faster than they can be repaired.

Key and Authority Management

Secure staking begins with uncompromising control over keys and authorities. Withdrawal credentials represent the ultimate control of funds, and concentrating that power in a single provider or API introduces systemic risk. To mitigate this, industry best practices call for:

  • Client ownership of funds: By default, credentials should remain with the client — not intermediaries. Custody of funds should never transfer unless absolutely necessary.
  • Separation of stake and withdrawal authority: Where protocols permit, these powers must be segregated so that no single compromise can unlock both.
  • Hardened withdrawal operations: Hardware security modules (HSMs) with quorum approval (M-of-N) should govern all withdrawal actions by the owner of the funds.
  • No hot signing for high-impact actions: Critical operations — such as changing withdrawal authority or mass deactivations — require deliberate, out-of-band approvals.

By distributing control and hardening key operations, institutions can ensure that even if one layer is breached, catastrophic loss is prevented.
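
One way to express these controls as a signing-policy gate, shown as an added example rather than code from the original post or from any staking provider: routine operations may use the automated path, while high-impact actions are refused on the hot path and need M-of-N approvals from a known approver set. Action names, approver ids and key labels are hypothetical.

```python
from dataclasses import dataclass, field

# Actions the article lists as critical; names are hypothetical labels.
HIGH_IMPACT = {"authorize_withdrawer", "withdraw", "mass_deactivate"}

@dataclass
class Request:
    action: str
    stake_account: str
    approvals: set = field(default_factory=set)  # approver ids gathered out of band
    via_hot_api: bool = True                     # arrived on the automated signing path

@dataclass
class Policy:
    approvers: frozenset  # the N people or HSM partitions allowed to approve
    quorum: int           # M approvals required

    def decide(self, req):
        if req.action not in HIGH_IMPACT:
            return "sign"  # routine ops (e.g. delegate) may be hot-signed
        if req.via_hot_api:
            return "deny: high-impact action on hot signing path"
        valid = req.approvals & self.approvers  # unknown approver ids do not count
        if len(valid) < self.quorum:
            return f"deny: {len(valid)}/{self.quorum} approvals"
        return "sign"

def authorities_separated(stake_authority, withdraw_authority, api_keys):
    """True if the two authorities differ and the withdraw key is not API-held."""
    return (stake_authority != withdraw_authority
            and withdraw_authority not in api_keys)
```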

Staking Architecture Choices

Architecture determines the scale of risk. Custodial concentration magnifies exposure, while non-custodial designs limit blast radius and align with the ethos of decentralization.

  • In a non-custodial model, the provider operates staking services, but clients retain token custody. This preserves security without sacrificing operational support.
  • If a smart-contract intermediary is introduced, it must include emergency circuit breakers—such as time-locks, capped daily withdrawals, or escape hatches.
  • Systems should hold minimal value at rest, avoiding unnecessary accumulation of assets that can be accessed without verification.

A well-designed architecture does not just optimize staking efficiency; it constrains the damage that any single exploit can cause.
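
The circuit breakers named above, sketched off-chain as an added example (not the original post's code and not a smart contract): every withdrawal waits out a time-lock during which it can be cancelled, a rolling 24-hour cap bounds total outflow, and a pause switch stops everything. Amounts, delays and the class name are assumptions; time is passed in explicitly so the behaviour is deterministic.

```python
DAY = 86_400  # seconds

class WithdrawalBreaker:
    def __init__(self, daily_cap, timelock_s):
        self.daily_cap, self.timelock_s = daily_cap, timelock_s
        self.pending = {}    # request id -> (amount, earliest execution time)
        self.executed = []   # (timestamp, amount) of completed withdrawals
        self.paused = False  # emergency stop set by an operator
        self._next_id = 0

    def request(self, amount, now):
        """Queue a withdrawal; it cannot execute before the time-lock expires."""
        self._next_id += 1
        self.pending[self._next_id] = (amount, now + self.timelock_s)
        return self._next_id

    def cancel(self, req_id):
        """The delay exists so the owner can veto a request they did not make."""
        return self.pending.pop(req_id, None) is not None

    def execute(self, req_id, now):
        if self.paused:
            return "blocked: paused"
        if req_id not in self.pending:
            return "blocked: unknown or cancelled request"
        amount, ready_at = self.pending[req_id]
        if now < ready_at:
            return "blocked: time-lock active"
        # Sum only withdrawals inside the rolling 24-hour window.
        spent = sum(a for t, a in self.executed if now - t < DAY)
        if spent + amount > self.daily_cap:
            return "blocked: daily cap exceeded"
        del self.pending[req_id]
        self.executed.append((now, amount))
        return "executed"
```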

Vendor Due Diligence & Compliance

The incident has shown how quickly a single weak link can cascade into catastrophic losses. Baseline safeguards are no longer optional: client-held withdrawal credentials, independent audits, and transparent operational practices must be standard. Convenience and yield alone cannot justify exposing assets to systemic risk.

Institutions should rigorously evaluate vendors and ask:

  • Who controls withdrawal credentials?
  • What independent audits (e.g., SOC 2) validate internal controls?
  • How are APIs secured, restricted, and monitored?

Looking Ahead

The Solana incident involving SwissBorg and its staking partner’s API is a reminder of how layered technical vulnerabilities can be, particularly those tied to withdrawal authority. This wake-up call should not paralyze the industry, but galvanize it. Stronger key management, resilient architectures, and transparent vendor practices are essential to turning painful lessons into a sturdier foundation. The future of staking depends not on avoiding risk entirely, but on building systems resilient enough to withstand it — with institutions that prioritize security today positioned to earn trust tomorrow.

The stakes are clear: convenience and yield mean little without trust. Institutions must demand uncompromising key control, verifiable audits, and architectures that align with the principles of decentralization. The industry cannot afford another $41 million lesson. The difference between repeating past mistakes and building lasting confidence will hinge on whether security continues to be treated as a checkbox or is recognized for what it truly is — the foundation upon which all staking rests.

About InfStones

InfStones is an advanced, enterprise-grade Platform as a Service (PaaS) blockchain infrastructure provider trusted by the top blockchain companies in the world. InfStones’ AI-based infrastructure provides developers worldwide with a rugged, powerful node management platform alongside an easy-to-use API. With over 20,000 nodes supported on over 80 blockchains, InfStones gives developers all the control they need - reliability, speed, efficiency, security, and scalability - for cross-chain DeFi, NFT, GameFi, and decentralized application development.

InfStones is trusted by the biggest blockchain companies in the world including Binance, CoinList, BitGo, OKX, Chainlink, Polygon, Harmony, and KuCoin, among a hundred other customers. InfStones is dedicated to empowering a better world through limitless Web3 innovation.