$30M Stolen as Step Finance Treasury Wallets Compromised
Step Finance, a serious Solana DeFi platform, confirmed a number of treasury and price wallets had been compromised by a complicated attacker throughout Asian Pacific buying and selling hours, ensuing within the theft of roughly 261,854 SOL tokens value roughly $30 million.
The breach despatched shockwaves by the Solana ecosystem as blockchain safety agency CertiK flagged that the stolen SOL “has been withdrawn after stake authorization had been transferred” to an unknown pockets handle.
The incident triggered rapid market panic, with the platform’s native STEP token plummeting over 90% inside 24 hours.
While the group insists consumer funds remained unaffected, questions swirl over whether or not the breach represents a real safety failure or a disguised exit rip-off, notably provided that the attacker appeared to have direct pockets entry fairly than exploiting good contract vulnerabilities.
Earlier immediately a number of of our treasury wallets had been compromised by a complicated actor throughout APAC hours. This was an assault facilitated by a well-known assault vector.
Immediate remediation steps have been taken, and we’re working intently with high safety professionals.…
— Step
(@StepFinance_) January 31, 2026
Emergency Response and Damage Control
Step Finance disclosed the safety breach by a sequence of pressing social media posts, stating “a number of of our treasury and price wallets had been compromised by a complicated actor” and confirming the assault leveraged “a well-known assault vector.“
The platform instantly activated emergency protocols and reached out to cybersecurity corporations for help.
Solana media agency Solana Floor reported that on-chain knowledge confirmed the stolen 261,854 SOL was “unstaked and moved through the incident,” suggesting the attacker had obtained authorization to regulate staking operations.
The group emphasised it had “notified the related authorities” and carried out rapid remediation steps whereas working with high safety professionals across the clock.
We are contacting Cybersecurity corporations to help.
Any corporations who can help be happy to slip into DMshttps://t.co/uNN5l6TYVL
— Step
Ripple Effects Across Linked Protocols
The breach prolonged past Step Finance’s personal operations, impacting linked platforms together with Remora Markets.
The protocol disclosed that as “majority LP, Step Finance skilled a hack of treasury wallets earlier immediately” with some affected property together with Remora rStocks.
Remora assured customers that regardless of the incident, “Remora property stay held 1:1 in our brokerage account” whereas setting up a course of for dealing with redemptions.
The market’s swift verdict on Step Finance got here by brutal value motion, with the STEP token dropping most of its worth as merchants fled amid uncertainty in regards to the platform’s future viability and the legitimacy of the breach.
January’s Relentless Wave of DeFi Exploits
The Step Finance hack marks the most recent in what safety corporations describe as a devastating month for cryptocurrency safety.
According to CertiK’s complete January 2026 security report, “combining all of the incidents in January, we’ve confirmed ~$370.3M misplaced to exploits” throughout a number of assault vectors.
Major January incidents included Truebit’s $26.6 million smart contract exploit, SwapNet’s $13.3 million breach affecting Matcha Meta customers, Saga’s $6.2 million exploit that compelled the Layer-1 protocol to pause its SagaEVM chain, and Makina Finance’s $4.2 million loss by flash mortgage manipulation.
CertiK’s evaluation revealed that phishing incidents accounted for $311.3 million of January’s losses, whereas code vulnerability assaults totaled $51.5 million.
Combining all of the incidents in January we’ve confirmed ~$370.3M misplaced to exploits.
~$311.3M of the full is attributed to phishing with one sufferer dropping ~$284M as a consequence of a social engineering rip-off.
More particulars beneath
pic.twitter.com/uXhi0P6dl5
— CertiK Alert (@CertiKAlert) January 31, 2026
Notably, the Step Finance breach continues a troubling sample affecting Solana-based protocols.
Swiss crypto platform SwissBorg lost $41.5 million worth of SOL tokens in September 2025 after hackers compromised companion API supplier Kiln, whereas South Korea’s Upbit exchange suffered a $36 million Solana exploit in November 2025, precisely six years after its 2019 hack attributed to North Korean actors.
Beyond particular person protocol failures, January additionally witnessed the most important single crypto theft of 2026, when a victim lost over $282 million in Bitcoin and Litecoin by a {hardware} pockets social engineering rip-off, as blockchain investigator ZachXBT described it, surpassing the earlier document of $243 million set in August 2024.
The attacker “instantly started changing the stolen property into Monero by a number of prompt exchanges,” obscuring the path throughout a number of blockchain networks.
CertiK’s knowledge reveals that regardless of these huge losses, lower than 2-5% has been recovered to this point, as investigations into many circumstances have solely not too long ago begun.
Even government-held crypto property got here underneath scrutiny, as the US Marshals Service confirmed it’s investigating a potential hack of federal digital-asset accounts.
Patrick Witt, government director of the President’s Council of Advisors for Digital Assets, acknowledged that the federal government seizure addresses had been among the many wallets from which hackers stole greater than $60 million in late 2025.
The put up $30M Stolen as Step Finance Treasury Wallets Compromised appeared first on Cryptonews.
