Ledger Warns of NPM Supply‑Chain Attack; SwissBorg Loses $41.5M, Backpack EU Launches, Polygon Finality Lag

Ledger CTO warns of an NPM supply-chain attack; SwissBorg loses $41.5M SOL. Backpack EU launches while Polygon PoS faces finality delays. Key actions for users.

A string of security and infrastructure stories landed this week: a $41.5 million loss at SwissBorg, a high‑profile warning from Ledger’s CTO about an NPM supply‑chain attack, the launch of a regulated Backpack EU exchange, and transaction finality delays on Polygon PoS.

SwissBorg exploit: SwissBorg said about 192,600 SOL (approximately $41.5 million) was taken from an external wallet used for its SOL Earn strategy after a partner’s API was compromised. The company said the incident affected fewer than 1% of users and roughly 2% of its assets; in‑app balances remain intact. SwissBorg paused SOL Earn redemptions, pledged to cover any shortfall and is working with white‑hat hackers, security firms and law enforcement on recovery and investigation.

NPM supply‑chain warning: Ledger CTO Charles Guillemet flagged that a compromised Node Package Manager (NPM) account pushed malicious code into widely used JavaScript packages with over one billion combined downloads. The payload is designed to swap on‑chain addresses and redirect funds during transactions. While Guillemet later said almost no crypto users were affected, the episode highlights how quickly a developer‑tool compromise can become a crypto security incident. Developers should consider pinning dependencies and auditing packages before deploying.

Backpack EU goes live: Backpack Exchange launched a regulated European arm, Backpack EU, operating from Cyprus under MiFID II. The exchange — which acquired FTX EU earlier this year — is offering perpetual futures across 40+ pairs with up to 10x leverage and frames itself as one of the first fully regulated perpetual venues in Europe, aiming to rebuild trust after several exchange failures.

Polygon finality lag: Polygon’s proof‑of‑stake chain experienced a finality lag of about 10–15 minutes, traced to issues on some Bor/Erigon nodes and RPC providers. Polygon said a fix is being rolled out to validators and service providers; many resolved the slowdown by restarting nodes or rewinding to the last finalized block.

Why it matters: these stories underscore two converging themes — the rising risk of software supply‑chain attacks and the ongoing operational fragility of blockchain infrastructure. Users and operators should prioritize basic hygiene: monitor balances, confirm counterparty security practices, keep dependencies and node clients updated, and treat recovery procedures as part of operational planning.

Source: CoinDesk. Read the original coverage for full details.
