Trondheim-based startup Borg Security has carved out a niche protecting the infrastructure between crypto and the traditional web – the layer the industry tests least, and attackers exploit most.
Most of the web3 industry has invested heavily in securing what is technically unique about crypto: smart contracts, the self-executing code that runs transactions directly on the blockchain. But crypto platforms run on top of entirely conventional web infrastructure – APIs, backend servers, wallet integrations, third-party services. That layer is rarely tested with the same rigour, and that is where Borg has found its position.
Photo: The Borg team in Trondheim, from left: Herman Sagor, Jonas Solemsli Rian, Alexander Wollan, Hans Grønskag Hammer and Theodor Jensen.
Borg now secures over one billion dollars in onchain volume daily, and is already building a platform for continuous monitoring, Odin Platform. With Odin, Borg aims to make continuous security accessible to smaller and mid-sized players, not just enterprise clients. Through Odin, customers get ongoing visibility into their attack surface, continuous testing with verified vulnerabilities, and real-time insight into risk and remediation progress. "In short, we are moving from point-in-time deliveries to a model where security is a continuous process – and Odin is the platform where everything is delivered," says Alexander Wollan, CEO of Borg Security.
The company was founded by a young group from Trondheim, many with backgrounds from Thora Storm upper secondary school, and grew from a makeshift living room office to rented premises in Kjøpmannsgata in the autumn of 2024. Wollan leads a team that is largely self-taught, and that has chosen real-world experience with security problems over traditional study programmes.
The industry has built a solid apparatus for auditing smart contracts – and far less of the same for the surrounding infrastructure. The result is an asymmetric defence: strong protection where the money technically resides, weaker protection in the layer that controls access to it.
This means attackers do not need to break the chain itself. Instead, they can exploit code flaws and misconfigurations in APIs, web apps and node software to move funds without the user doing anything at all. In one case, Borg estimated that design flaws in a platform's API could potentially have allowed an attacker to drain around 200 million dollars without any active action from users.
Borg's client list reflects its position directly. The company has among other things carried out security work for Privy, which provides embedded wallets and authentication and has been acquired by Stripe, and for DEX terminal Padre, acquired by pump.fun. Both operate at exactly the intersection of crypto infrastructure and conventional web technology.
Borg also has several clients in the trading bot segment – platforms that allow users to trade memecoins and small-cap tokens at high speed, outside traditional exchanges. Wollan describes it as the new meta in web3, and as a sector with a new layer of centralised logic and APIs that can be exploited.
The threat landscape shifts in line with the market. Centralised exchanges were hit hardest first, then NFT marketplaces. Now trading platforms and the DEX segment are in the crosshairs. On 1 April 2026, Drift, a Solana-based decentralised exchange, was stripped of 285 million dollars in what turned out to be a six-month, North Korea-coordinated operation. The attack illustrates that volume – and with it, attackers – has followed liquidity wherever it has concentrated.
Wollan expects the pattern to continue: as new categories emerge, attackers follow. The structural problem remains the same – many players underestimate the risk in integrations and prioritise fast launches over security.
The core service is penetration testing – where the team, with permission, attempts to attack clients' systems to uncover weaknesses. Borg is also developing automated penetration testing, an idea that emerged from observing recurring failures across multiple crypto companies. For clients seeking a more continuous arrangement, Borg offers its Embedded Research Service (ERS), which embeds security work into clients' ongoing strategy with multiple tests per year and a continuous offensive view of the entire attack surface. ERS is the foundation of Odin Platform, which brings together visibility, testing and real-time insight into a single continuous service.
The company generated around three million Norwegian kroner in revenue in its first year of operations and is on track for seven to eight million the following year. Demand is expected to grow as crypto services become more tightly integrated with traditional finance – stablecoins, payment infrastructure and new integration layers that each expand the attack surface Borg is positioned to protect.
