Step Finance, a serious Solana DeFi platform, confirmed a number of treasury and charge wallets have been compromised by a classy attacker throughout Asian Pacific buying and selling hours, ensuing within the theft of roughly 261,854 SOL tokens price roughly $30 million.
The breach despatched shockwaves via the Solana ecosystem as blockchain safety agency CertiK flagged that the stolen SOL “has been withdrawn after stake authorization had been transferred” to an unknown pockets deal with.
The incident triggered speedy market panic, with the platform’s native STEP token plummeting over 90% inside 24 hours.
Whereas the crew insists person funds remained unaffected, questions swirl over whether or not the breach represents a real safety failure or a disguised exit rip-off, significantly on condition that the attacker appeared to have direct pockets entry somewhat than exploiting good contract vulnerabilities.
Earlier right this moment a number of of our treasury wallets have been compromised by a classy actor throughout APAC hours. This was an assault facilitated via a well-known assault vector.
Quick remediation steps have been taken, and we’re working intently with high safety professionals.…— Step
(@StepFinance_) January 31, 2026
Emergency Response and Harm Management
Step Finance disclosed the safety breach via a collection of pressing social media posts, stating “a number of of our treasury and charge wallets have been compromised by a classy actor” and confirming the assault leveraged “a well-known assault vector.“
The platform instantly activated emergency protocols and reached out to cybersecurity corporations for help.
Solana media agency Solana Flooring reported that on-chain information confirmed the stolen 261,854 SOL was “unstaked and moved throughout the incident,” suggesting the attacker had obtained authorization to regulate staking operations.
The crew emphasised it had “notified the related authorities” and carried out speedy remediation steps whereas working with high safety professionals across the clock.
We’re contacting Cybersecurity corporations to help.
Any corporations who can help be happy to slip into DMshttps://t.co/uNN5l6TYVL— Step
Ripple Results Throughout Linked Protocols
The breach prolonged past Step Finance’s personal operations, impacting related platforms together with Remora Markets.
The protocol disclosed that as “majority LP, Step Finance skilled a hack of treasury wallets earlier right this moment” with some affected belongings together with Remora rStocks.
Remora assured customers that regardless of the incident, “Remora belongings stay held 1:1 in our brokerage account” whereas developing a course of for dealing with redemptions.
The market’s swift verdict on Step Finance got here via brutal worth motion, with the STEP token shedding most of its worth as merchants fled amid uncertainty in regards to the platform’s future viability and the legitimacy of the breach.
Remora Markets majority LP, Step Finance skilled a hack of treasury wallets earlier right this moment. A number of the belongings concerned within the incident are Remora rStocks.
An investigation is at the moment underway. Remora belongings stay held 1:1 in our brokerage account. A course of for dealing with…— Remora Markets (@RemoraMarkets) January 31, 2026
January’s Relentless Wave of DeFi Exploits
The Step Finance hack marks the most recent in what safety corporations describe as a devastating month for cryptocurrency safety.
In accordance with CertiK’s complete January 2026 safety report, “combining all of the incidents in January, we’ve confirmed ~$370.3M misplaced to exploits” throughout a number of assault vectors.
Main January incidents included Truebit’s $26.6 million good contract exploit, SwapNet’s $13.3 million breach affecting Matcha Meta customers, Saga’s $6.2 million exploit that compelled the Layer-1 protocol to pause its SagaEVM chain, and Makina Finance’s $4.2 million loss via flash mortgage manipulation.
CertiK’s evaluation revealed that phishing incidents accounted for $311.3 million of January’s losses, whereas code vulnerability assaults totaled $51.5 million.
#CertiKStatsAlert
Combining all of the incidents in January we’ve confirmed ~$370.3M misplaced to exploits.
~$311.3M of the whole is attributed to phishing with one sufferer shedding ~$284M as a consequence of a social engineering rip-off.
Extra particulars underpic.twitter.com/uXhi0P6dl5
— CertiK Alert (@CertiKAlert) January 31, 2026
Notably, the Step Finance breach continues a troubling sample affecting Solana-based protocols.
Swiss crypto platform SwissBorg misplaced $41.5 million price of SOL tokens in September 2025 after hackers compromised companion API supplier Kiln, whereas South Korea’s Upbit change suffered a $36 million Solana exploit in November 2025, precisely six years after its 2019 hack attributed to North Korean actors.
Past particular person protocol failures, January additionally witnessed the biggest single crypto theft of 2026, when a sufferer misplaced over $282 million in Bitcoin and Litecoin via a {hardware} pockets social engineering rip-off, as blockchain investigator ZachXBT described it, surpassing the earlier document of $243 million set in August 2024.
The attacker “instantly started changing the stolen belongings into Monero via a number of on the spot exchanges,” obscuring the path throughout a number of blockchain networks.
CertiK’s information reveals that regardless of these huge losses, lower than 2-5% has been recovered thus far, as investigations into many circumstances have solely just lately begun.
Even government-held crypto belongings got here beneath scrutiny, because the US Marshals Service confirmed it’s investigating a attainable hack of federal digital-asset accounts.
Patrick Witt, government director of the President’s Council of Advisors for Digital Property, acknowledged that the federal government seizure addresses have been among the many wallets from which hackers stole greater than $60 million in late 2025.
The put up $30M Stolen as Step Finance Treasury Wallets Compromised appeared first on Cryptonews.