September 10, 2025

A BitHide Analysis of Kiln’s Breach and Its Impact on Trust Wallet Users

Trust Wallet Users Hit by Kiln’s Breach: What Really Happened

By BitHide Team | September 10, 2025

Key takeaways

  1. API Exploit Led to $41M Theft. Hackers compromised Kiln’s API, stealing 193,000 SOL from SwissBorg and exposing infrastructure risks across DeFi.
  2. Trust Wallet Users Locked Out. Millions couldn’t access staking balances due to the API outage, though assets remained safe on-chain.
  3. Transparency Failures. Trust Wallet avoided terms like “hack” or “attack,” leaving users without clear information or recovery timelines.
  4. Third-Party Dependency Risks. Using Kiln as an intermediary made the entire system vulnerable: a failure at one provider caused problems across multiple platforms.
  5. Security Lessons for Users. Always verify funds on-chain, diversify providers, and remain cautious with third-party Earn and staking services.

On September 8-9, 2025, a serious security incident at Kiln, a major staking infrastructure provider, disrupted multiple crypto platforms, including Trust Wallet. Although it was initially presented as a "technical issue," the incident was a targeted compromise of Kiln's API that resulted in the theft of over $41 million from SwissBorg and left millions of Trust Wallet users unable to see or manage their staking funds through the app's interface.

Timeline of Events

  • September 8, 2025: Trust Wallet users began reporting issues with the Earn section, as staking balances disappeared from the app interface and staking functions became unavailable.
  • September 9, 2025: Kiln confirmed involvement in a serious security incident involving API compromise, resulting in the theft of 193,000 SOL (approximately $41 million) from SwissBorg's Solana Earn program.

The Technical Breach

The attack targeted Kiln's API infrastructure, which sits between crypto applications and the staking networks they use. The attackers exploited weaknesses in this API layer to manipulate requests and redirect funds. The stolen assets were transferred to a wallet labelled "SwissBorg Exploiter" on blockchain explorers.

Impact on Kiln's Infrastructure

Kiln, which manages more than $16 billion in digital assets and operates over 5% of the Ethereum network's validators, suspended all of its services, from the dashboard and widgets to the API. As a precaution, Kiln also began exiting more than 1.6 million ETH from staking. The impact extended into DeFi as well: integrations built on Kiln's infrastructure, holding more than $380 million in total value locked (TVL), were affected.

Trust Wallet's Response: Transparency Concerns

Trust Wallet's official response was notably restrained, describing the situation as a "technical update" without acknowledging the security breach. The company stated that "funds remain safe, balances are not impacted," but gave no details about the nature of the incident, the specific risks to users, or a timeline for restoring service.

Additionally, Trust Wallet's communication strategy raised red flags, highlighting concerning patterns in crisis management. The company conspicuously avoided using terms like "hack" or "attack" in their public communications, instead opting for sanitized language that downplayed the severity of the situation. Perhaps more concerning is the absence of any joint public report with Kiln, despite the two companies being directly linked through the incident.

The lack of a transparent roadmap for restoring access is another failure of crisis communication. Users affected by the outage were left without clear timelines, concrete action steps, or measurable progress indicators. The uncertainty was compounded by minimal acknowledgment of user concerns: Trust Wallet's statements focused on the technical side rather than on what the outage meant for the people whose balances had vanished from the app.

BitHide Analysis: User Fund Status

During our investigation, we observed that Trust Wallet does not operate the Morpho Steakhouse USDT vault itself. Instead, it uses Kiln's DeFi middleware to interact with the on-chain vault contract (0xbEef047a543E45807105E51A8BBEFCc5950fcfBa).

When a user initiates a USDT Earn deposit in Trust Wallet, the app submits a signed transaction through Kiln's API, which routes the deposit into the Morpho Steakhouse USDT vault on Ethereum. The vault's current on-chain metrics (over $110 million in total deposits, $13 million in available liquidity, and a 6.40% APY) are publicly visible on Morpho's dashboard and can be cross-checked in DeBank under the "Trust Wallet Morpho Steakhouse USDT Pool" label.

Because Trust Wallet depends on Kiln's API to fetch and display vault balances, the API outage that followed Kiln's breach prevented the mobile app from retrieving any balance data, even though every deposit remained locked in the Morpho contract. The app's display and the on-chain state are two different things: the first went dark, the second never changed. Users can independently confirm their USDT position by reading the vault contract directly on Etherscan (the vault is an ERC-4626 contract, so balanceOf for the user's address returns vault shares and convertToAssets turns those shares into USDT) or by connecting any Web3 wallet to Morpho's interface.
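The check described above, carried out without relying on Kiln's API at all, as an added example that is not BitHide's, Trust Wallet's or Morpho's own code. It builds the two raw eth_call requests a practitioner would send to any Ethereum JSON-RPC endpoint (balanceOf to get vault shares, convertToAssets to price them in USDT), ABI-encodes the arguments by hand, and decodes the uint256 results. The function selectors are the standard ERC-20/ERC-4626 ones; the vault address is the one quoted in this article; the user address, the RPC responder and its exchange rate are constructed so the script runs offline.

```python
import json
from decimal import Decimal

# Vault address from the article (Morpho Steakhouse USDT, ERC-4626).
VAULT = "0xbEef047a543E45807105E51A8BBEFCc5950fcfBa"
# Constructed user address for the offline demo; replace with your own.
EXAMPLE_USER = "0x1111111111111111111111111111111111111111"

# 4-byte selectors: first 4 bytes of keccak256 of the canonical signature.
SEL_BALANCE_OF = "70a08231"          # balanceOf(address)
SEL_CONVERT_TO_ASSETS = "07a2d13a"   # convertToAssets(uint256)
USDT_DECIMALS = 6                    # USDT uses 6 decimals on Ethereum


def encode_call(selector: str, arg_hex: str) -> str:
    """ABI-encode one 32-byte argument (address or uint256) after a selector."""
    return "0x" + selector + arg_hex.lower().rjust(64, "0")


def eth_call_payload(to: str, data: str, rpc_id: int = 1) -> dict:
    """JSON-RPC body for a read-only eth_call against the latest block."""
    return {
        "jsonrpc": "2.0",
        "id": rpc_id,
        "method": "eth_call",
        "params": [{"to": to, "data": data}, "latest"],
    }


def decode_uint256(result_hex: str) -> int:
    """An eth_call result is 0x + 64 hex chars for a single uint256."""
    return int(result_hex, 16)


def vault_position(user: str, rpc) -> tuple[int, int, Decimal]:
    """Return (shares, assets_in_base_units, assets_as_USDT) for `user`.

    `rpc` is any callable that takes a JSON-RPC payload and returns the
    "result" field; this keeps the logic independent of the transport.
    """
    if not user.startswith("0x") or len(user) != 42:
        raise ValueError("expected a 20-byte hex address")
    # 1. balanceOf(user) -> vault shares (18-decimal ERC-20 balance)
    shares = decode_uint256(rpc(eth_call_payload(VAULT, encode_call(SEL_BALANCE_OF, user[2:]))))
    # 2. convertToAssets(shares) -> underlying USDT, priced by the vault itself
    assets = decode_uint256(rpc(eth_call_payload(VAULT, encode_call(SEL_CONVERT_TO_ASSETS, format(shares, "x")))))
    return shares, assets, Decimal(assets) / Decimal(10 ** USDT_DECIMALS)


def constructed_rpc(payload: dict) -> str:
    """Constructed stand-in for an Ethereum node: 1000e18 shares worth 1050.123456 USDT."""
    data = payload["params"][0]["data"]
    selector, arg = data[2:10], data[10:]
    if selector == SEL_BALANCE_OF:
        return "0x" + format(1000 * 10 ** 18, "064x")
    if selector == SEL_CONVERT_TO_ASSETS:
        shares = int(arg, 16)
        # Constructed rate: 1 share (1e18) = 1.050123456 USDT (1050123456 / 1e21 per share unit).
        return "0x" + format(shares * 1050123456 // 10 ** 21, "064x")
    raise ValueError("unexpected selector " + selector)


def http_rpc(url: str):
    """Real transport: POST the payload to a JSON-RPC endpoint you trust."""
    import urllib.request

    def call(payload: dict) -> str:
        req = urllib.request.Request(
            url, data=json.dumps(payload).encode(), headers={"Content-Type": "application/json"}
        )
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        if "error" in body:
            raise RuntimeError(body["error"])
        return body["result"]

    return call


if __name__ == "__main__":
    shares, assets, usdt = vault_position(EXAMPLE_USER, constructed_rpc)
    print(f"shares={shares} assets={assets} USDT={usdt}")
```

To run it against mainnet, pass `http_rpc("https://<your-node>")` instead of `constructed_rpc`; the two eth_call bodies are exactly what Etherscan's "Read Contract" tab issues behind the scenes, so a mismatch between this figure and what an app shows points at the app's data path, not at the vault.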

For a detailed overview of the integration architecture, see Kiln's official announcement. The flowchart in that announcement shows how Trust Wallet serves as the front end, Kiln acts as the API middleware, and Morpho's vault smart contracts handle the actual asset custody and yield generation.

The Trust Wallet and Kiln situation shows how dependence on third-party APIs for staking and Earn services exposes users. Attack methods keep growing more sophisticated: hackers stole over $3 billion in the first half of 2025 alone. Smart contract exploits, phishing (including wallet drainers) and API compromises are especially relevant now, as these techniques become more refined. We advise maximum caution even with the most trusted solutions.

The incident reveals a critical infrastructure dependency risk: a single point of failure at an API provider can cascade across an entire ecosystem. Poor communication during a crisis further erodes users' trust in a platform's reliability. Most concerning is that API compromises are a growing front in crypto security, targeting the interconnected web of services that modern DeFi relies on.

Recommendations for Users and Industry

Users should verify balances independently through blockchain explorers such as Etherscan or DeBank so that they know their actual holdings rather than what an app happens to display. During a temporary interface outage, it is crucial to avoid panic actions, which lead to hasty decisions and play into the hands of scammers exploiting the confusion. Diversifying across multiple staking providers reduces single-point-of-failure risk, and keeping large amounts out of third-party services becomes more important as attacks grow more sophisticated.

The cryptocurrency industry must improve its incident communication protocols to preserve user trust during a crisis. Building redundancy into API infrastructure can stop a single provider's failure from cascading across an entire ecosystem. Establishing clear compensation frameworks before an incident occurs lets platforms respond more effectively when a breach does happen. And as the interconnected nature of DeFi grows more complex, more frequent security audits of critical infrastructure providers like Kiln become essential.

Conclusion

While user funds appear to remain safe on-chain, the incident exposes dangerous vulnerabilities in the interconnected web of crypto services. The lack of transparent communication from major players like Trust Wallet during such incidents undermines the fundamental trust required for mainstream crypto adoption.

As the crypto ecosystem matures, incidents like these underscore the urgent need for more robust security practices, transparent communication protocols, and user protection mechanisms.

“The ripple effects of API compromises like the Kiln incident demonstrate that security is only as strong as the weakest link in the service chain. Platforms must not only secure their own systems but also ensure their third-party dependencies meet equally rigorous security standards.” – BitHide Team.

To stop worrying about the safety of your business crypto assets, use solutions designed specifically for companies. Request a demo and see how the non-custodial BitHide crypto wallet can help your business work with cryptocurrency securely and efficiently.

BitHide Team
