Audit log

Every state-changing event for SwissBorg: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-20 03:30:54Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,905,018

   sig

   5Cish5rBpPo1…a6JPQ9CEcopyexplorer ↗

   hash

   6irKiizqbY9g…U1NqNPWScopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6675 B) ▸

   {"actor":"system:backfill","investigation_id":"524894ae-ff61-4c27-9e9e-0f8c8069ce3e","kind":"publish","page_slug":"swissborg","published_at":"2026-05-20T03:30:54.084Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"SwissBorg","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://help.swissborg.com/hc/en-gb/articles/360009028418-What-is-SwissBorg"},{"credibility":3,"name":"","type":"other","url":"https://www.venturelab.swiss/SwissBorg-CEO-Cyrus-Fazel-We-enable-everyone-to-enjoy-the-world-of-decentralized-finance-regardless-of-their-investment-interests"},{"credibility":3,"name":"","type":"other","url":"https://en.cryptonomist.ch/2024/07/23/swissborg-the-swiss-crypto-exchange-open-to-everyone/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.kiln.fi/post/re-enablement-of-kiln-services-and-security-incident-information"},{"credibility":3,"name":"","type":"other","url":"https://harrydonnelly.substack.com/p/swissborgkiln-exploit-breakdown"},{"credibility":3,"name":"","type":"other","url":"https://www.web3isgoinggreat.com/?id=swissborg-exploit"},{"credibility":3,"name":"","type":"other","url":"https://protos.com/swissborg-ceo-blames-41m-loss-on-staking-partner-kiln/"},{"credibility":3,"name":"","type":"other","url":"https://swissborg.com/blog/sol-earn-incident-swissborg-recovery"},{"credibility":3,"name":"","type":"other","url":"https://therecord.media/swissborg-platform-solana-cryptocurrency-stolen"},{"credibility":3,"name":"","type":"other","url":"https://thecryptobasic.com/2025/09/09/swissborg-to-compensate-users-after-41m-solana-staking-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.fireblocks.com/blog/case-for-native-staking-kiln-incident"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://help.swissborg.com/hc/en-gb/articles/360015167634-SwissBorg-Legal-structure-jurisdiction-and-licenses"},{"credibility":3,"name":"","type":"other","url":"https://swissborg.com/blog/swissborg-secures-mica-approval-from-french-amf"},{"credibility":3,"name":"","type":"other","url":"https://news.bitcoin.com/swissborg-secures-mica-license-from-frances-amf-expanding-regulated-crypto-services-across-eu/"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/press-release/2026/03/12/swissborg-secures-mica-approval-from-france-s-financial-markets-authority"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://academy.swissborg.com/en/learn/mpc-keyless-technology-keeping-your-crypto-secure"},{"credibility":3,"name":"","type":"other","url":"https://www.kiln.fi/post/re-enablement-of-kiln-services-and-security-incident-information"},{"credibility":3,"name":"","type":"other","url":"https://harrydonnelly.substack.com/p/swissborgkiln-exploit-breakdown"},{"credibility":3,"name":"","type":"other","url":"https://www.fireblocks.com/blog/case-for-native-staking-kiln-incident"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://swissborg.com/proof-of-liabilities/audits"},{"credibility":3,"name":"","type":"other","url":"https://swissborg.com/blog/proof-of-liabilities"},{"credibility":3,"name":"","type":"other","url":"https://github.com/SwissBorg/proof-of-liabilities"},{"credibility":3,"name":"","type":"other","url":"https://swissborg.com/blog/sol-earn-incident-swissborg-recovery"},{"credibility":3,"name":"","type":"other","url":"https://swissborg.com/blog/swissborg-security-and-trust"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://protos.com/swissborg-ceo-blames-41m-loss-on-staking-partner-kiln/"},{"credibility":3,"name":"","type":"other","url":"https://therecord.media/swissborg-platform-solana-cryptocurrency-stolen"},{"credibility":3,"name":"","type":"other","url":"https://www.bankinfosecurity.com/cryptohack-roundup-swissborgs-41m-exploit-a-29417"},{"credibility":3,"name":"","type":"other","url":"https://www.ainvest.com/news/swissborg-41m-loss-exposes-defi-partner-risk-2509/"}]}],"sources_used":[],"summary":"SwissBorg is a Swiss-based crypto wealth management and exchange aggregator founded in 2017, holding MiCA authorization from France's AMF and VQF membership in Switzerland. In September 2025, the platform suffered a $41.5 million loss when its staking partner Kiln's API was compromised via a GitHub token theft and Kubernetes pod injection, resulting in the unauthorized transfer of 192,600 SOL from SwissBorg's SOL Earn program; the company subsequently pledged full reimbursement from treasury funds. While SwissBorg maintains legitimate regulatory standing and transparency measures including Proof of Liabilities, the third-party supply chain failure exposes material counterparty risk in its Earn product architecture.","timeline":[{"date":"2017-01-01","event":"SwissBorg founded in Lausanne, Switzerland by Cyrus Fazel and Anthony Lesoismier.","source":""},{"date":"2022-01-01","event":"SwissBorg Solutions OÜ registered with France's AMF as a Digital Asset Service Provider (DASP) under number E2022-034.","source":""},{"date":"2024-06-01","event":"SwissBorg publishes Proof of Liabilities audit portal using Merkle-tree cryptographic verification.","source":""},{"date":"2025-08-31","event":"SwissBorg uses Kiln Dashboard to unstake 975 SOL. Undetected by SwissBorg's custody signers, a malicious transaction embedded in the Kiln API response reassigns withdrawal authority for multiple high-value Solana stake accounts to an attacker-controlled address.","source":""},{"date":"2025-09-08","event":"Attacker executes the drain: 192,600 SOL (~$41.5 million) stolen across eight transactions in under three minutes. Kiln detects unauthorized activity on its platform.","source":""},{"date":"2025-09-09","event":"SwissBorg publicly confirms the breach. CEO Cyrus Fazel pledges full user reimbursement from treasury. SOL Earn redemptions suspended. Chainalysis, ZachXBT, SEAL, and Fireblocks engaged.","source":""},{"date":"2025-10-07","event":"Kiln publishes formal incident post-mortem identifying GitHub access token compromise as initial entry point, with Sygnia forensics findings. Services re-enabled with six security enhancements.","source":""},{"date":"2026-03-11","event":"SwissBorg's French entity Blocknodes SAS receives full MiCA authorization from France's AMF, enabling EU-wide regulated crypto services.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 5f3d8f7a-d68b-4e6c-befc-07426ddd47e1copy
2. #2reviewby reviewerreviewer

   2026-06-09 23:06:01Z
   Score: 52 → 52 (no score change)
   The core factual claims about the September 2025 Kiln/SwissBorg exploit are well-supported by multiple independent credible sources, including Kiln's own post-mortem, The Record, Protos, and on-chain analysis. The two most notable errors are: (1) the Proof of Liabilities launch date is listed as June 2024 when it was actually launched in April/May 2023 — a 13-month discrepancy likely caused by confusing an audit snapshot ID with the launch date; and (2) the MiCA authorization date is listed as March 11 when the AMF registry shows March 5. All cited URLs that were tested are live and support their associated claims. No link rot was detected.
   anchoranchored

   chain

   ●mainnet-betaslot 425,424,104

   sig

   5BKGPB94ivQX…dNF2wh9Xcopyexplorer ↗

   hash

   2ErDdMhp9uRP…fjahp1cwcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (993 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-09T23:06:01.736Z","decision":"review","investigation_id":"524894ae-ff61-4c27-9e9e-0f8c8069ce3e","new_score":52,"page_slug":"swissborg","prev_score":52,"reason":"The core factual claims about the September 2025 Kiln/SwissBorg exploit are well-supported by multiple independent credible sources, including Kiln's own post-mortem, The Record, Protos, and on-chain analysis. The two most notable errors are: (1) the Proof of Liabilities launch date is listed as June 2024 when it was actually launched in April/May 2023 — a 13-month discrepancy likely caused by confusing an audit snapshot ID with the launch date; and (2) the MiCA authorization date is listed as March 11 when the AMF registry shows March 5. All cited URLs that were tested are live and support their associated claims. No link rot was detected.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision b37483e5-e1a8-4593-b462-6ba71bd36813copy
3. #3review reviseby judgejudge

   2026-06-09 23:06:01Z
   Score: 52 → 47 (-5)
   11 of 15 claims were confirmed by independent sources including Tier 1 outlets (The Record, Protos, AMF registry, Kiln's own post-mortem). The single disputed finding (claim_findings[9]) is a secondary timeline date error: the Proof of Liabilities system is listed as launched June 2024 when multiple Tier 1 sources confirm it launched in April/May 2023 — a 13-month discrepancy likely caused by confusing an audit snapshot identifier with the feature launch date. Two additional claims are partially supported due to minor date imprecisions on regulatory registrations (claim_findings[8] and claim_findings[14]). No link rot was detected and core allegations about the September 2025 exploit, loss amount, attack vector, and reimbursement pledge are all well-sourced. Two high-priority coverage gaps — reimbursement completion status and on-chain fund recovery outcome — should be addressed before the page is considered fully current.
   anchoranchored

   chain

   ●mainnet-betaslot 425,424,108

   sig

   5V7RWrv1rXbc…nfHvBfpmcopyexplorer ↗

   hash

   5nHFAPE4Gm9T…nSthu9Lccopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1286 B) ▸

   {"actor":"judge","decided_at":"2026-06-09T23:06:01.736Z","decision":"review_revise","investigation_id":"524894ae-ff61-4c27-9e9e-0f8c8069ce3e","new_score":47,"page_slug":"swissborg","prev_score":52,"reason":"11 of 15 claims were confirmed by independent sources including Tier 1 outlets (The Record, Protos, AMF registry, Kiln's own post-mortem). The single disputed finding (claim_findings[9]) is a secondary timeline date error: the Proof of Liabilities system is listed as launched June 2024 when multiple Tier 1 sources confirm it launched in April/May 2023 — a 13-month discrepancy likely caused by confusing an audit snapshot identifier with the feature launch date. Two additional claims are partially supported due to minor date imprecisions on regulatory registrations (claim_findings[8] and claim_findings[14]). No link rot was detected and core allegations about the September 2025 exploit, loss amount, attack vector, and reimbursement pledge are all well-sourced. Two high-priority coverage gaps — reimbursement completion status and on-chain fund recovery outcome — should be addressed before the page is considered fully current.","score_delta":-5,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 90757a15-2fa4-4355-8a12-7ae141a98703copy