SwissBorg Suffers $41.5M SOL Hack; NPM Attack Looms
Crypto Security Weekly: SwissBorg Hack, NPM Threat, and More
Welcome to your weekly update on critical developments in cryptocurrency security. This week, we cover a major exploit, a supply chain threat, and key exchange updates.
SwissBorg's SOL Earn Wallet Hit by $41.5M Exploit
Crypto exchange SwissBorg reported a theft of approximately 192,600 SOL ($41.5 million) from an external wallet used for its SOL Earn strategy. The breach originated from a compromised API of a partner, affecting a single counterparty. According to SwissBorg, this was not a hack of their core platform.
Key details:
- Impacted less than 1% of users.
- Represents about 2% of SwissBorg’s total assets.
- All other funds and strategies remain secure.
- User balances within the SwissBorg app are unaffected.
SOL Earn redemptions are currently paused. SwissBorg has pledged to cover any shortfall, ensuring no user losses, and is collaborating with white-hat hackers, security firms, and law enforcement for recovery efforts. A full incident report is expected upon conclusion of investigations.
This incident underscores the rising threat of crypto thefts, which have already surpassed $2.17 billion in 2025.
Ledger CTO Warns of NPM Supply Chain Attack
Charles Guillemet, CTO of Ledger, issued a warning about a large-scale supply chain attack targeting the Node Package Manager (NPM). A reputable developer’s account was compromised, and malicious code has been injected into packages with over 1 billion downloads.
The malicious code silently swaps crypto wallet addresses in transactions, potentially redirecting funds to the attacker without the user's knowledge. While initial reports suggested widespread impact, Guillemet later clarified that very few crypto users were actually affected.
This highlights the vulnerabilities within open-source software and the potential for security lapses to rapidly impact the crypto ecosystem. For developers, ensuring the integrity of dependencies is crucial, and tools like Codeum's smart contract auditing can help mitigate risks from compromised libraries.
Backpack Exchange Expands in Europe
Backpack Exchange has launched its European division, Backpack EU, operating out of Cyprus under the EU’s MiFID II framework. Backpack EU aims to be among the first fully regulated venues in Europe to offer crypto derivatives, beginning with perpetual futures. This follows Backpack’s acquisition of FTX EU earlier this year, with Backpack initiating a customer claims process in April to compensate former FTX EU customers.
Polygon PoS Experiences Finality Issues
Polygon’s proof-of-stake chain experienced delayed transaction finality, running 10–15 minutes behind schedule. The issue was traced to problems with some Bor/Erigon nodes and RPC providers. A fix has been identified and is being rolled out to validators and service providers. This disruption occurred shortly after Polygon’s Heimdall v2 upgrade, which promised 5-second finality.
Other News
- World Liberty Financial (WLFI) blacklisted Tron founder Justin Sun’s blockchain address, preventing him from transferring WLFI tokens worth approximately $107 million.
- Decentralized finance protocol Ethena proposed to issue Hyperliquid’s forthcoming stablecoin, backed by Ethena’s USDtb and BlackRock's BUIDL.
Regulatory and Policy
- Nasdaq is seeking SEC approval to tokenize equities on the blockchain.
- President Trump’s new crypto advisor, Patrick Witt, is prioritizing the completion of U.S. crypto policies and the implementation of the new stablecoin law.
Calendar
- Sept. 22-28: Korea Blockchain Week, Seoul
- Oct. 1-2: Token2049, Singapore
- Oct. 13-15: Digital Asset Summit, London
- Oct. 16-17: European Blockchain Convention, Barcelona
- Nov. 17-22: Devconnect, Buenos Aires
- Dec. 11-13: Solana Breakpoint, Abu Dhabi
- Feb. 10-12, 2026: Consensus, Hong Kong
- Mar. 30-Apr. 2: EthCC, Cannes
- May 5-7, 2026: Consensus, Miami