Kiln, a prominent cryptocurrency staking provider, has announced its decision to exit all of its Ethereum (ETH) validators following a significant security breach that resulted in the unauthorized withdrawal of substantial digital assets from its partner, SwissBorg. This incident has sparked concerns within the crypto community, especially given the exploit’s connection to Kiln’s API, which played a critical role in the attack.
In a blog post on September 9, Kiln outlined its rationale for the withdrawal, emphasizing that this precautionary step was taken to protect the integrity of staked assets amidst growing security concerns. The company, which manages over $15 billion in staked crypto across various blockchain networks, stated that its exit from Ethereum validators is meant to safeguard users’ funds.
The impact of this decision has been felt widely, as the queue for exiting Ethereum validators surged by 150% within 24 hours following the announcement. The amount of ETH queued for unstaking escalated from approximately 1 million ETH on September 10 to around 2.6 million ETH, marking an unprecedented wait time of over 45 days for users wishing to withdraw their staked assets.
Kiln was one of the largest ETH staking entities, managing over 1.6 million ETH spread across 51,000 validators, positioning it as the fifth-largest staking provider prior to its recent exit. The situation has raised alarms about the security of staking operations, with many users now facing extended delays in withdrawing their funds due to the congested exit queue.
The ongoing investigation into the SwissBorg exploit began after the exchange reported that an unauthorized withdrawal of approximately 193,000 SOL, valued at around $43.6 million, occurred due to a compromised partner API. Although Kiln was not named directly by SwissBorg in its announcement, it acknowledged its cooperation with SwissBorg to ascertain the details surrounding the incident, which involved unauthorized access to a wallet used for staking operations.
In the wake of the exploit, SwissBorg has been in close communication with its users and partners, detailing their findings and underscoring their partnership with Fireblocks, a digital asset custody provider. Despite the breach, Fireblocks confirmed that SwissBorg was not utilizing its secure native staking capabilities at the time, which are designed to mitigate such security threats. As a result, Fireblocks has suspended Kiln’s app connectivity through WalletConnect during the ongoing investigation.
The fallout from the incident has not only affected Kiln and SwissBorg but also has broader implications for the Ethereum network and the liquid staking ecosystem. The increased pressure on withdrawal queues from ETH validators may adversely affect liquid staking tokens like Lido Staked Ether (STETH), which allows users to earn staking rewards while retaining flexibility with their assets. The congested exit queue poses a risk of slower ETH redemptions, potentially increasing selling pressure on STETH and heightening the risk of a depegging from ETH in times of market uncertainty.
Kiln has committed to providing a comprehensive post-mortem analysis of the SwissBorg incident once its internal review concludes. In a statement, a Kiln spokesperson reassured stakeholders that there are currently no indications of loss of funds beyond the SwissBorg incident, and they remain dedicated to transparency in their communications with customers and partners as further information becomes available. The cryptocurrency community remains on alert as the repercussions of this exploit continue to unfold.
