SwissBorg’s SOL Earn Wallet Exploited for $41.5M

Welcome to The Protocol, CoinDesk’s weekly wrap of the most important stories in cryptocurrency tech development. I’m Margaux Nijkerk, a reporter at CoinDesk.

In this issue:

SwissBorg’s SOL Earn Wallet Exploited for $41.5M After Partner’s API Is Compromised
Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads
Backpack Opens Regulated Perpetuals Exmodify in Europe After FTX EU Acquisition
Polygon PoS Sees Transaction Finality Lag, Patch in Progress

Network News

SWISSBORG’S SOL EARN WALLET EXPLOITED: Crypto exmodify SwissBorg declared about 192,600 SOL ($41.5 million) was stolen from an external wallet utilized exclusively for its SOL Earn strategy. The exploit stemmed from a partner’s compromised application programming interface (API), a mechanism that allows software systems to communicate with one another, affecting a single counterparty, the exmodify declared in a post on X. It was not a hack of the SwissBorg platform. The loss affected fewer than 1% of utilizers and represented about 2% of SwissBorg’s total assets, the firm declared. All other funds and strategies remain secure, and utilizer balances within the SwissBorg app are unaffected. SOL Earn redemptions are pautilized while recovery efforts proceed. SwissBorg declares it will cover any shortfall, ensuring no utilizer losses. The company is working with white-hat hackers, security firms and law enforcement to recover the funds. A full incident report will follow once investigations conclude. This exploit arrives amid a sharp rise in crypto thefts, with over $2.17 billion already stolen in 2025. — Shaurya Malwa Read more.

LEDGER CTO WARNS OF PNM ATTACK: Charles Guillemet, the chief technology officer at hardware wallet buildr Ledger, warned on X that a large-scale supply chain attack was underway after a reputable developer’s Node Package Manager (NPM) account was compromised. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting utilizers could sfinish funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he declared was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. A day later, Guillemet shared that almost zero crypto utilizers had been affected by the hack. “NPM is a tool commonly utilized in software development utilizing JavaScript, which builds integrating packages simple for developers,” declared Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely utilized packages. “The malicious code attempts to drain utilizers by swapping addresses utilized in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. — Margaux Nijkerk Read more.

BACKPACK EU GOES LIVE FOLLOWING FTX EU ACQUISITION: Backpack Exmodify, a global cryptocurrency trading platform, declared its European division, Backpack EU, is officially live. Operating out of Cyprus and licensed under the European Union’s MiFID II framework, the exmodify is positioning itself as one of the first fully regulated venues in Europe to offer crypto derivatives, starting with perpetual futures. “As far as I’m aware, it’s just going to be us and Kraken” in Europe offering perpetual futures, Armani Ferrante, the CEO of Backpack, declared in an interview with CoinDesk. The debut follows Backpack’s acquisition of FTX EU earlier this year. In January, the FTX bankruptcy estate declared the sale of FTX EU to Backpack was not authorized. Since then, the issue has been resolved and in April the exmodify launched distributing funds to former FTX EU customers, fulfilling their pledge to compensate utilizers affected by the collapse of Sam Bankman-Fried’s crypto empire. Backpack EU will provide utilizers access to over 40 trading pairs with up to 10x leverage, the team declared in a statement. The platform declares it aims to give both retail and institutional traders a compliant gateway to advanced crypto trading products. The rollout also highlights Backpack’s broader strategy of rebuilding trust in digital assets following a string of exmodify failures. — Margaux Nijkerk Read more.

POLYGON POS CHAIN EXPERIENCES FINALITY LAG: Polygon’s proof-of-stake chain is live, but transactions are taking longer than usual to lock in, with finality running 10–15 minutes behind schedule. Finality is the assurance that a transaction or piece of data is irreversible once confirmed and added to a block in the blockchain. The foundation declared in an X post that a repair has been identified and is being rolled out to validators and service providers. The slowdown was tied to issues on some Bor/Erigon nodes and RPC providers, according to Polygon’s status page. Node restarts resolved the problem for many validators, while others had to rewind to the last finalized block before resyncing, a status page shared. The disruption comes weeks after Polygon’s Heimdall v2 upgrade promised 5-second finality through a modernized consensus stack. – Shaurya Malwa Read more.

In Other News

World Liberty Financial (WLFI), the crypto protocol linked to Donald Trump and his family, blacklisted Tron founder and key investor Justin Sun’s blockchain address, preventing him transferring WLFI tokens. The shift affects 595 million unlocked WLFI tokens held on the address, worth roughly $107 million at current prices, according to Arkham data. The action followed the Sun-linked address building several outbound transactions of WLFI tokens on the Ethereum blockchain — including one for $9 million worth of the tokens — blockchain data displays. Sun, in a translated post on X, declared that the “address only conducted a few generic exmodify deposit tests, with very low amounts, and then created address dispersion, without involving any acquireing or selling, which could not possibly have any impact on the market.” In a later statement Sun urged the WLFI team to unblock his tokens. — Sam Reynolds Read more.
Decentralized finance protocol Ethena submitted a proposal to issue Hyperliquid’s forthcoming stablecoin, joining a bidding competition that has already attracted companies including Paxos, Sky, Frax and Agora. The token would be fully backed by Ethena’s USDtb, a stablecoin issued with federally chartered bank Anchorage Digital and fully backed by BUIDL, the tokenized money market fund by asset management giant BlackRock and Securitize. If adopted, Ethena pledged that 95% of net revenue from USDH reserves would flow back to the Hyperliquid ecosystem, the proposal declared. Ethena also declared it would cover the costs of migrating existing USDC trading pairs on Hyperliquid to USDH to ease adoption. — Kristzian Sandor Read more.

Regulatory and Policy

Nasdaq, the U.S. exmodify where the tech sector’s hugegest names list their stocks, is seeking to put equities on the blockchain, questioning the U.S. Securities and Exmodify Commission to bless its effort even as others in the securities world are sprinting toward the same tokenization goal.If the SEC filing is approved, the exmodify will let customers choose either the traditional route for trading equities or do so on-chain with tokenized stocks — an option that would be treated with the same priority as the legacy method. The shift by Nasdaq follows an effort by digital brokerage Robinhood to issue stock tokens for European customers in July, giving access to some 200 U.S. stocks and exmodify-traded funds (ETFs). Bringing equities and other real-world assets onto blockchain rails has been among the most sizzling of the digital-asset world’s innovations, and the competition has been growing fierce for both traditional finance names and crypto natives to build shifts. — Jesse Hamilton Read more.
President Donald Trump’s new crypto guy, Patrick Witt, is picking up the baton from his predecessor, Bo Hines, in goading lawbuildrs to finish sweeping U.S. crypto policies and pushing regulators to put the new stablecoin law into practice, he declared in an interview with CoinDesk. Working under the administration’s crypto czar, David Sacks, Witt is the new point of contact for crypto matters in the White Houtilize after the brief tenure of his predecessor, who went on to work for stablecoin giant Tether. While Hines saw the conversion of Congress’ stablecoin effort into law and was able to attfinish the White Houtilize ceremony to cement it, he left shortly after, leaving a lengthy crypto to-do list for Witt.”There’s no drop off here,” declared Witt, who was elevated to the job last month, just two weeks after the administration issued its wide-reaching strategy report for tackling U.S. crypto policy. “We’re keeping the pedal to the metal with all of the different initiatives on the legislative front and the interagency actions recommfinished in the report.” — Jesse Hamilton Read more.