Step Finance, a serious Solana DeFi platform, confirmed a number of treasury and payment wallets had been compromised by a complicated attacker throughout Asian Pacific buying and selling hours, ensuing within the theft of roughly 261,854 SOL tokens value roughly $30 million.
The breach despatched shockwaves via the Solana ecosystem as blockchain safety agency CertiK flagged that the stolen SOL “has been withdrawn after stake authorization had been transferred” to an unknown pockets tackle.
The incident triggered instant market panic, with the platform’s native STEP token plummeting over 90% inside 24 hours.
Whereas the workforce insists person funds remained unaffected, questions swirl over whether or not the breach represents a real safety failure or a disguised exit rip-off, significantly on condition that the attacker appeared to have direct pockets entry fairly than exploiting sensible contract vulnerabilities.
Earlier right this moment a number of of our treasury wallets had been compromised by a complicated actor throughout APAC hours. This was an assault facilitated via a well-known assault vector.
Fast remediation steps have been taken, and we’re working intently with high safety professionals.…— Step
(@StepFinance_) January 31, 2026
Emergency Response and Harm Management
Step Finance disclosed the safety breach via a collection of pressing social media posts, stating “a number of of our treasury and payment wallets had been compromised by a complicated actor” and confirming the assault leveraged “a well-known assault vector.“
The platform instantly activated emergency protocols and reached out to cybersecurity corporations for help.
Solana media agency Solana Flooring reported that on-chain information confirmed the stolen 261,854 SOL was “unstaked and moved through the incident,” suggesting the attacker had obtained authorization to regulate staking operations.
The workforce emphasised it had “notified the related authorities” and carried out instant remediation steps whereas working with high safety professionals across the clock.
We’re contacting Cybersecurity corporations to help.
Any corporations who can help be at liberty to slip into DMshttps://t.co/uNN5l6TYVL— Step
Ripple Results Throughout Linked Protocols
The breach prolonged past Step Finance’s personal operations, impacting linked platforms together with Remora Markets.
The protocol disclosed that as “majority LP, Step Finance skilled a hack of treasury wallets earlier right this moment” with some affected belongings together with Remora rStocks.
Remora assured customers that regardless of the incident, “Remora belongings stay held 1:1 in our brokerage account” whereas developing a course of for dealing with redemptions.
The market’s swift verdict on Step Finance got here via brutal value motion, with the STEP token shedding most of its worth as merchants fled amid uncertainty concerning the platform’s future viability and the legitimacy of the breach.
Remora Markets majority LP, Step Finance skilled a hack of treasury wallets earlier right this moment. Among the belongings concerned within the incident are Remora rStocks.
An investigation is at the moment underway. Remora belongings stay held 1:1 in our brokerage account. A course of for dealing with…— Remora Markets (@RemoraMarkets) January 31, 2026
January’s Relentless Wave of DeFi Exploits
The Step Finance hack marks the newest in what safety corporations describe as a devastating month for cryptocurrency safety.
In keeping with CertiK’s complete January 2026 safety report, “combining all of the incidents in January, we’ve confirmed ~$370.3M misplaced to exploits” throughout a number of assault vectors.
Main January incidents included Truebit’s $26.6 million sensible contract exploit, SwapNet’s $13.3 million breach affecting Matcha Meta customers, Saga’s $6.2 million exploit that compelled the Layer-1 protocol to pause its SagaEVM chain, and Makina Finance’s $4.2 million loss via flash mortgage manipulation.
CertiK’s evaluation revealed that phishing incidents accounted for $311.3 million of January’s losses, whereas code vulnerability assaults totaled $51.5 million.
#CertiKStatsAlert
Combining all of the incidents in January we’ve confirmed ~$370.3M misplaced to exploits.
~$311.3M of the overall is attributed to phishing with one sufferer shedding ~$284M resulting from a social engineering rip-off.
Extra particulars underpic.twitter.com/uXhi0P6dl5
— CertiK Alert (@CertiKAlert) January 31, 2026
Notably, the Step Finance breach continues a troubling sample affecting Solana-based protocols.
Swiss crypto platform SwissBorg misplaced $41.5 million value of SOL tokens in September 2025 after hackers compromised associate API supplier Kiln, whereas South Korea’s Upbit alternate suffered a $36 million Solana exploit in November 2025, precisely six years after its 2019 hack attributed to North Korean actors.
Past particular person protocol failures, January additionally witnessed the biggest single crypto theft of 2026, when a sufferer misplaced over $282 million in Bitcoin and Litecoin via a {hardware} pockets social engineering rip-off, as blockchain investigator ZachXBT described it, surpassing the earlier document of $243 million set in August 2024.
The attacker “instantly started changing the stolen belongings into Monero via a number of on the spot exchanges,” obscuring the path throughout a number of blockchain networks.
CertiK’s information exhibits that regardless of these huge losses, lower than 2-5% has been recovered to this point, as investigations into many circumstances have solely just lately begun.
Even government-held crypto belongings got here underneath scrutiny, because the US Marshals Service confirmed it’s investigating a potential hack of federal digital-asset accounts.
Patrick Witt, government director of the President’s Council of Advisors for Digital Belongings, acknowledged that the federal government seizure addresses had been among the many wallets from which hackers stole greater than $60 million in late 2025.
The put up $30M Stolen as Step Finance Treasury Wallets Compromised appeared first on Cryptonews.