Step Finance Treasury Breach Sparks $27M SOL Loss, STEP Plunges
Step Finance, a decentralized finance portfolio tracker on Solana, has disclosed a security breach that led to the compromise of several treasury wallets, triggering a sharp sell-off in its native token.
“Earlier today, several of our treasury wallets were compromised by a sophisticated actor during APAC hours. This was an attack facilitated through a well-known attack vector,” the platform wrote in a post on X, adding that they have taken “remediation” steps.
Onchain data reviewed by blockchain security firm CertiK shows that roughly 261,854 Solana (SOL) (worth around $27.2 million) was unstaked and transferred from Step Finance-controlled wallets.
Step Finance has not yet confirmed the total scale of the losses. The team also did not disclose how the attacker gained access, nor whether the incident stemmed from a smart contract flaw, compromised keys, or an internal access issue. It also remains unclear whether any user funds were affected, beyond protocol-owned assets.
Related: SwapNet exploit drains up to $13.3M from Matcha Meta users
STEP token crashes over 90% after treasury breach
Market reaction was swift. The project’s governance token, STEP, has dropped by more than 90%, according to data from CoinGecko. At the time of writing, the token is trading at $0.001578, down by 93.3% over the past day.
Founded in 2021, Step Finance bills itself as a “front page of Solana,” offering users a unified dashboard to track yield farms, LP tokens and DeFi positions across most Solana-based protocols. Beyond its core product, the company operates SolanaFloor, a Solana-focused media outlet, and organizes the annual Solana Crossroads conference.
In late 2024, it acquired Moose Capital, now rebranded as Remora Markets, with plans to introduce tokenized equity trading on Solana. STEP plays a central role in the protocol’s governance and incentive structure.
Related: CertiK links $63M in Tornado Cash deposits to $282M wallet compromise
Most crypto projects never recover after a major hack
Nearly 80% of crypto projects that suffer a major hack fail to fully recover, not because of the initial financial loss, but due to poor crisis response and a collapse in trust, according to Web3 security executives.
Immunefi CEO Mitchell Amador said most teams are unprepared for security incidents, leading to hesitation, slow decision-making and weak communication in the critical hours after a breach. This paralysis often allows losses to deepen and user confidence to erode further.
Even when technical issues are resolved, reputational damage is often permanent. Kerberus CEO Alex Katz notes that major exploits typically trigger user exits, liquidity drain and long-term credibility loss.
Magazine: How crypto laws changed in 2025 — and how they’ll change in 2026
