4 Minutes
Step Finance reports treasury wallet breach on Solana
Solana-based DeFi dashboard Step Finance has confirmed a security incident in which multiple treasury wallets were compromised, resulting in the onchain movement of roughly 261,854 SOL (about $27.2 million). The revelation sparked a rapid market reaction, with the protocol’s native governance token, STEP, collapsing by more than 90% in the hours after the disclosure.
What Step Finance disclosed
In a post shared on X, the Step Finance team said that “earlier today several of our treasury wallets were compromised by a sophisticated actor during APAC hours.” The platform indicated the attack used a “well known attack vector” and that immediate remediation steps were put in place. The team has not yet released a full incident postmortem or confirmed whether the breach originated from a smart contract vulnerability, leaked private keys, or an internal operational lapse.
The compromised transaction
Onchain evidence and market fallout
Blockchain security firm CertiK analyzed onchain data and found that the attacker unstaked and transferred approximately 261,854 SOL from wallets under Step Finance control. At current prices, that movement corresponds to roughly $27.2 million. CoinGecko price data showed STEP trading near $0.001578 at one point, a decline of more than 93% in 24 hours, as liquidity evaporated and holders rushed to exit positions.
Unclear impact on user funds
Step Finance has so far limited its comments to confirming the treasury compromise and remediation actions. The project has not stated whether user-held assets were affected beyond protocol-owned reserves. That distinction is critical in DeFi incidents: losses limited to treasury holdings may allow a protocol to pursue recovery options, while user fund exposure tends to produce longer-term reputational and legal fallout.
Context: Step Finance and its role in Solana DeFi
Launched in 2021, Step Finance positions itself as the “front page of Solana,” providing a unified interface for tracking yield farms, liquidity provider (LP) positions, and other DeFi instruments across the Solana ecosystem. The company also runs SolanaFloor, a media outlet focused on Solana, and organizes the Solana Crossroads conference. In late 2024, Step Finance acquired Moose Capital (now Remora Markets) and announced ambitions to support tokenized equity trading on Solana, with STEP integral to governance and incentives.
Security lessons and industry response
Security executives say inadequate incident response, slow communications, and operational paralysis are the main reasons many crypto projects never fully recover after a major hack. Industry leaders such as Immunefi’s CEO Mitchell Amador have warned that teams often lack playbooks for rapid crisis management, which allows damage to compound and trust to erode. Kerberus CEO Alex Katz adds that even when technical fixes are made, reputation loss often drives liquidity outflows and lasting credibility issues.
As the Step Finance team investigates and works with onchain security firms, the broader Solana and DeFi communities will be watching for a transparent timeline, forensic details, and clear remediation plans. Recovery options could include tracing and freezing stolen funds where possible, pursuing legal remedies, and engaging in open communications to rebuild stakeholder confidence.
Source: cointelegraph
Leave a Comment