Skip to content
- Step Finance breach drains treasury wallets as 261,854 SOL moved in unauthorized transfers.
- STEP token sinks over 87% after the incident as traders react to uncertainty and lost reserves.
- Investigation continues with no clarity on attack vector, user fund exposure, or total losses.
Step Finance disclosed a major security breach that hit several of its treasury wallets during APAC hours. The incident prompted emergency action from the team and triggered a rapid collapse in the price of its governance token. The platform said the attack used a known vector but did not provide further technical details.
The team confirmed the breach in a post on X. They said a “sophisticated actor” accessed multiple treasury-controlled wallets. They also stated that remediation measures had begun shortly after the first signs of unauthorized activity. No specific information was shared about the source of the compromise.
Scale of Losses and Attack Method Remain Unconfirmed
Onchain data reviewed by security firm CertiK showed significant asset movement. Investigators discovered that wallets connected to the protocol were unstaking and transferring 261,854 SOL, valued at approximately $27.2 million. These transfers matched the timeline noted by the Step Finance team.
The platform has not confirmed the final size of the losses. It has also not clarified whether the attacker exploited compromised keys, a system-access vulnerability, or another operational weakness. The team did not disclose whether the attack affected user funds in addition to treasury assets.
Market reaction was immediate. STEP fell sharply as trading volumes increased during the day. The token dropped by more than 87%, according to CoinGecko data. It traded near $0.001037 at the time of writing.
Also Read: RLUSD Gains Momentum as Binance Listing and Institutional Adoption Drive Rapid Growth
Step Finance launched in 2021 as a dashboard for Solana-based DeFi activity. The product allows users to track yield positions, LP holdings, and portfolio performance across supported protocols. The company also runs SolanaFloor, a media outlet focused on ecosystem developments, and oversees the annual Solana Crossroads conference.
Step Finance Growth Plans Contrast With Security Fallout
In late 2024, the company expanded its operations by acquiring Moose Capital, now renamed Remora Markets, and plans to introduce tokenized equity trading with the help of the Solana infrastructure. STEP plays a major role in the governance and incentives of the protocol.
According to security executives, big breaches result in long-term damage to the company. Immunefi’s CEO, Mitchell Amador, said that most teams face challenges with their responses to security breaches and are already at a disadvantage within the first hours of the incident, such as when there is an exploit.
Kerberus CEO Alex Katz explained that the likelihood of a recovery after a large breach is very rare. Even after fixing the technical problems, the reputation damage, the exits in terms of liquidity, and the lack of trust are still going to be there. He explained that the lack of trust is actually a bigger problem than the money lost.
Step Finance has announced that they will provide further updates once the investigation progresses. The team continues to evaluate the breach and monitor the movement of their assets.
Also Read: Crypto Scam Facilitator Jailed for Moving $36.9M Through Global Network
