The Protocol: SwissBorg’s SOL Earn Wallet Exploited for $41.5M

Welcome to The Protocol, CoinDesk’s weekly wrap of the most important stories in cryptocurrency tech development. I’m Margaux Nijkerk, a reporter at CoinDesk.

In this issue:

• SwissBorg’s SOL Earn Wallet Exploited for $41.5M After Partner’s API Is Compromised
• Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads
• Backpack Opens Regulated Perpetuals Exchange in Europe After FTX EU Acquisition
• Polygon PoS Sees Transaction Finality Lag, Patch in Progress

Network News

SWISSBORG’S SOL EARN WALLET EXPLOITED: Crypto exchange SwissBorg said about 192,600 SOL ($41.5 million) was stolen from an external wallet used exclusively for its SOL Earn strategy. The exploit stemmed from a partner’s compromised application programming interface (API), a mechanism that allows software systems to communicate with one another, affecting a single counterparty, the exchange said in a post on X. It was not a hack of the SwissBorg platform. The loss affected fewer than 1% of users and represented about 2% of SwissBorg’s total assets, the firm said. All other funds and strategies remain secure, and user balances within the SwissBorg app are unaffected. SOL Earn redemptions are paused while recovery efforts proceed. SwissBorg says it will cover any shortfall, ensuring no user losses. The company is working with white-hat hackers, security firms and law enforcement to recover the funds. A full incident report will follow once investigations conclude. This exploit arrives amid a sharp rise in crypto thefts, with over $2.17 billion already stolen in 2025. — Shaurya Malwa Read more.

LEDGER CTO WARNS OF PNM ATTACK: Charles Guillemet, the chief technology officer at hardware wallet maker Ledger, warned on X that a large-scale supply chain attack was underway after a reputable developer’s Node Package Manager (NPM) account was compromised. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he said was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. A day later, Guillemet shared that almost zero crypto users had been affected by the hack. “NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages. “The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. — Margaux Nijkerk Read more.

BACKPACK EU GOES LIVE FOLLOWING FTX EU ACQUISITION: Backpack Exchange, a global cryptocurrency trading platform, said its European division, Backpack EU, is officially live. Operating out of Cyprus and licensed under the European Union’s MiFID II framework, the exchange is positioning itself as one of the first fully regulated venues in Europe to offer crypto derivatives, starting with perpetual futures. “As far as I’m aware, it’s just going to be us and Kraken” in Europe offering perpetual futures, Armani Ferrante, the CEO of Backpack, said in an interview with CoinDesk. The debut follows Backpack’s acquisition of FTX EU earlier this year. In January, the FTX bankruptcy estate said the sale of FTX EU to Backpack was not authorized. Since then, the issue has been resolved and in April the exchange began distributing funds to former FTX EU customers, fulfilling their pledge to compensate users affected by the collapse of Sam Bankman-Fried’s crypto empire. Backpack EU will provide users access to over 40 trading pairs with up to 10x leverage, the team said in a statement. The platform says it aims to give both retail and institutional traders a compliant gateway to advanced crypto trading products. The rollout also highlights Backpack’s broader strategy of rebuilding trust in digital assets following a string of exchange failures. — Margaux Nijkerk Read more.

POLYGON POS CHAIN EXPERIENCES FINALITY LAG: Polygon’s proof-of-stake chain is live, but transactions are taking longer than usual to lock in, with finality running 10–15 minutes behind schedule. Finality is the assurance that a transaction or piece of data is irreversible once confirmed and added to a block in the blockchain. The foundation said in an X post that a fix has been identified and is being rolled out to validators and service providers. The slowdown was tied to issues on some Bor/Erigon nodes and RPC providers, according to Polygon’s status page. Node restarts resolved the problem for many validators, while others had to rewind to the last finalized block before resyncing, a status page shared. The disruption comes weeks after Polygon’s Heimdall v2 upgrade promised 5-second finality through a modernized consensus stack. – Shaurya Malwa Read more.

In Other News

• World Liberty Financial (WLFI), the crypto protocol linked to Donald Trump and his family, blacklisted Tron founder and key investor Justin Sun’s blockchain address, preventing him transferring WLFI tokens. The move affects 595 million unlocked WLFI tokens held on the address, worth roughly $107 million at current prices, according to Arkham data. The action followed the Sun-linked address making several outbound transactions of WLFI tokens on the Ethereum blockchain — including one for $9 million worth of the tokens — blockchain data shows. Sun, in a translated post on X, said that the “address only conducted a few generic exchange deposit tests, with very low amounts, and then created address dispersion, without involving any buying or selling, which could not possibly have any impact on the market.” In a later statement Sun urged the WLFI team to unblock his tokens. — Sam Reynolds Read more.
• Decentralized finance protocol Ethena submitted a proposal to issue Hyperliquid’s forthcoming stablecoin, joining a bidding competition that has already attracted companies including Paxos, Sky, Frax and Agora. The token would be fully backed by Ethena’s USDtb, a stablecoin issued with federally chartered bank Anchorage Digital and fully backed by BUIDL, the tokenized money market fund by asset management giant BlackRock and Securitize. If adopted, Ethena pledged that 95% of net revenue from USDH reserves would flow back to the Hyperliquid ecosystem, the proposal said. Ethena also said it would cover the costs of migrating existing USDC trading pairs on Hyperliquid to USDH to ease adoption. — Kristzian Sandor Read more.

Regulatory and Policy

• Nasdaq, the U.S. exchange where the tech sector’s biggest names list their stocks, is seeking to put equities on the blockchain, asking the U.S. Securities and Exchange Commission to bless its effort even as others in the securities world are sprinting toward the same tokenization goal.If the SEC filing is approved, the exchange will let customers choose either the traditional route for trading equities or do so on-chain with tokenized stocks — an option that would be treated with the same priority as the legacy method. The move by Nasdaq follows an effort by digital brokerage Robinhood to issue stock tokens for European customers in July, giving access to some 200 U.S. stocks and exchange-traded funds (ETFs). Bringing equities and other real-world assets onto blockchain rails has been among the most sizzling of the digital-asset world’s innovations, and the competition has been growing fierce for both traditional finance names and crypto natives to make moves. — Jesse Hamilton Read more.
• President Donald Trump’s new crypto guy, Patrick Witt, is picking up the baton from his predecessor, Bo Hines, in goading lawmakers to finish sweeping U.S. crypto policies and pushing regulators to put the new stablecoin law into practice, he said in an interview with CoinDesk. Working under the administration’s crypto czar, David Sacks, Witt is the new point of contact for crypto matters in the White House after the brief tenure of his predecessor, who went on to work for stablecoin giant Tether. While Hines saw the conversion of Congress’ stablecoin effort into law and was able to attend the White House ceremony to cement it, he left shortly after, leaving a lengthy crypto to-do list for Witt.”There’s no drop off here,” said Witt, who was elevated to the job last month, just two weeks after the administration issued its wide-reaching strategy report for tackling U.S. crypto policy. “We’re keeping the pedal to the metal with all of the different initiatives on the legislative front and the interagency actions recommended in the report.” — Jesse Hamilton Read more.

Calendar

• Sept. 22-28: Korea Blockchain Week, Seoul
• Oct. 1-2: Token2049, Singapore
• Oct. 13-15: Digital Asset Summit, London
• Oct. 16-17: European Blockchain Convention, Barcelona
• Nov. 17-22: Devconnect, Buenos Aires
• Dec. 11-13: Solana Breakpoint, Abu Dhabi
• Feb. 10-12, 2026: Consensus, Hong Kong
• Mar. 30-Apr. 2: EthCC, Cannes
• May 5-7, 2026: Consensus, Miami

Source