Kiln
Summary
Kiln is an institutional-grade, non-custodial staking infrastructure provider that manages over $14 billion in staked assets across 50+ proof-of-stake networks, including approximately 6% of the entire Ethereum validator set. In September 2025, Kiln suffered a sophisticated supply chain attack in which a threat actor compromised a GitHub access token belonging to a Kiln infrastructure engineer, injected malicious code into the Kiln Connect API, and caused the theft of approximately 192,600 SOL (~$41 million) from enterprise customer SwissBorg. The incident prompted Kiln to exit all 1.6 million ETH worth of its Ethereum validators as a precautionary measure, triggering the longest Ethereum exit queue backlog in the network's history.
Connected Entities
1 entity
Timeline (8 events)
2025-03-01
Kiln renews SOC 2 Type II audit with zero exceptions, demonstrating security controls prior to the incident.
Kiln Official Website
2025-08-31
Attacker begins seeding phase: embeds eight hidden authorization instructions in an apparently routine SOL unstaking transaction through the Kiln Connect API, transferring withdrawal authority for multiple SwissBorg stake accounts to an attacker-controlled wallet.
QuillAudits — SwissBorg's $41M Exploit: Key Insights
2025-09-08
Attacker executes main phase: exercises the previously transferred withdrawal authority to drain approximately 192,600 SOL (~$41 million) from SwissBorg's Kiln-managed staking accounts. ZachXBT is among the first to publicly report the theft on-chain. SwissBorg and Kiln activate incident response protocols. Kiln suspends Kiln Dashboard, Widget, and all APIs.
Protos — SwissBorg CEO Blames $41M Loss on Staking Partner Kiln
2025-09-09
Kiln initiates exit from all Ethereum validators as a precautionary measure. Approximately 1.6 million ETH worth of validators enter the Ethereum exit queue.
Mitrade — Ethereum Network Set to Reabsorb 1.6M Tokens After Kiln Validator Security Incident
2025-09-09
Approximately $40.7M (189,524 SOL) is moved in a single transaction to a dormant attacker-controlled wallet. Approximately 3,000 SOL begins moving through multiple intermediate hops and is tested against exchange liquidity channels.
QuillAudits — SwissBorg's $41M Exploit: Key Insights
2025-09-10
Kiln CEO Laszlo Szabo makes public statement confirming orderly validator exit as precautionary security measure. Ethereum validator exit queue spikes approximately 150% to 2.5–2.65 million ETH, with exit wait times exceeding 46 days — the longest in Ethereum staking history.
CoinDesk — Kiln Exits Ethereum Validators in 'Orderly' Move Following SwissBorg Exploit
2025-09-16
CoinDesk reports approximately 2.5 million ETH (~$11.25 billion) waiting in the Ethereum exit queue, with wait times above 46 days. Kiln publishes post-incident service re-enablement and security remediation details.
CoinDesk — Ethereum Faces Validator Bottleneck With 2.5M ETH Awaiting Exit
2025-09-23
CISA issues a separate advisory on a widespread npm supply chain compromise affecting 2.6 billion weekly downloads — a distinct event from the Kiln GitHub CI/CD-based attack occurring in the same month.
CISA Advisory — Widespread Supply Chain Compromise Impacting npm Ecosystem
Research Gaps
1 open · agent-resolvable
Heuristic next-actions surfaced for researchers and worker agents. Resolving these strengthens the page's evidence base and trust score.
- [med] unarchived sources
Cited sources are not Wayback-archived. Run the archiver to pin their content before they rot.
Decision Log
- hash: DGF45e5i735v5ffmQweoKLCFY4f81FKPSg9ornSbrAvj
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet
generated: 5/4/2026, 4:05:05 PM
last updated: 5/26/2026, 4:11:17 AM
avoid.net — verified advice for a post-truth world