Step Finance, a significant Solana DeFi platform, confirmed a number of treasury and payment wallets have been compromised by a classy attacker throughout Asian Pacific buying and selling hours, ensuing within the theft of roughly 261,854 SOL tokens value roughly $30 million.
The breach despatched shockwaves by the Solana ecosystem as blockchain safety agency CertiK flagged that the stolen SOL “has been withdrawn after stake authorization had been transferred” to an unknown pockets deal with.
The incident triggered rapid market panic, with the platform’s native STEP token plummeting over 90% inside 24 hours.
Whereas the workforce insists person funds remained unaffected, questions swirl over whether or not the breach represents a real safety failure or a disguised exit rip-off, notably on condition that the attacker appeared to have direct pockets entry quite than exploiting sensible contract vulnerabilities.
Earlier right now a number of of our treasury wallets have been compromised by a classy actor throughout APAC hours. This was an assault facilitated by a well-known assault vector.
Fast remediation steps have been taken, and we’re working intently with high safety professionals.…— Step
(@StepFinance_) January 31, 2026
Emergency Response and Injury Management
Step Finance disclosed the safety breach by a sequence of pressing social media posts, stating “a number of of our treasury and payment wallets have been compromised by a classy actor” and confirming the assault leveraged “a well-known assault vector.“
The platform instantly activated emergency protocols and reached out to cybersecurity companies for help.
Solana media agency Solana Ground reported that on-chain knowledge confirmed the stolen 261,854 SOL was “unstaked and moved through the incident,” suggesting the attacker had obtained authorization to regulate staking operations.
The workforce emphasised it had “notified the related authorities” and carried out rapid remediation steps whereas working with high safety professionals across the clock.
We’re contacting Cybersecurity companies to help.
Any companies who can help be happy to slip into DMshttps://t.co/uNN5l6TYVL— Step
Ripple Results Throughout Linked Protocols
The breach prolonged past Step Finance’s personal operations, impacting related platforms together with Remora Markets.
The protocol disclosed that as “majority LP, Step Finance skilled a hack of treasury wallets earlier right now” with some affected property together with Remora rStocks.
Remora assured customers that regardless of the incident, “Remora property stay held 1:1 in our brokerage account” whereas setting up a course of for dealing with redemptions.
The market’s swift verdict on Step Finance got here by brutal worth motion, with the STEP token shedding most of its worth as merchants fled amid uncertainty in regards to the platform’s future viability and the legitimacy of the breach.
Remora Markets majority LP, Step Finance skilled a hack of treasury wallets earlier right now. Among the property concerned within the incident are Remora rStocks.
An investigation is at the moment underway. Remora property stay held 1:1 in our brokerage account. A course of for dealing with…— Remora Markets (@RemoraMarkets) January 31, 2026
January’s Relentless Wave of DeFi Exploits
The Step Finance hack marks the newest in what safety companies describe as a devastating month for cryptocurrency safety.
Based on CertiK’s complete January 2026 safety report, “combining all of the incidents in January, we’ve confirmed ~$370.3M misplaced to exploits” throughout a number of assault vectors.
Main January incidents included Truebit’s $26.6 million sensible contract exploit, SwapNet’s $13.3 million breach affecting Matcha Meta customers, Saga’s $6.2 million exploit that compelled the Layer-1 protocol to pause its SagaEVM chain, and Makina Finance’s $4.2 million loss by flash mortgage manipulation.
CertiK’s evaluation revealed that phishing incidents accounted for $311.3 million of January’s losses, whereas code vulnerability assaults totaled $51.5 million.
#CertiKStatsAlert
Combining all of the incidents in January we’ve confirmed ~$370.3M misplaced to exploits.
~$311.3M of the overall is attributed to phishing with one sufferer shedding ~$284M on account of a social engineering rip-off.
Extra particulars underpic.twitter.com/uXhi0P6dl5
— CertiK Alert (@CertiKAlert) January 31, 2026
Notably, the Step Finance breach continues a troubling sample affecting Solana-based protocols.
Swiss crypto platform SwissBorg misplaced $41.5 million value of SOL tokens in September 2025 after hackers compromised companion API supplier Kiln, whereas South Korea’s Upbit change suffered a $36 million Solana exploit in November 2025, precisely six years after its 2019 hack attributed to North Korean actors.
Past particular person protocol failures, January additionally witnessed the biggest single crypto theft of 2026, when a sufferer misplaced over $282 million in Bitcoin and Litecoin by a {hardware} pockets social engineering rip-off, as blockchain investigator ZachXBT described it, surpassing the earlier report of $243 million set in August 2024.
The attacker “instantly started changing the stolen property into Monero by a number of prompt exchanges,” obscuring the path throughout a number of blockchain networks.
CertiK’s knowledge exhibits that regardless of these large losses, lower than 2-5% has been recovered thus far, as investigations into many circumstances have solely lately begun.
Even government-held crypto property got here underneath scrutiny, because the US Marshals Service confirmed it’s investigating a potential hack of federal digital-asset accounts.
Patrick Witt, govt director of the President’s Council of Advisors for Digital Property, acknowledged that the federal government seizure addresses have been among the many wallets from which hackers stole greater than $60 million in late 2025.
The submit $30M Stolen as Step Finance Treasury Wallets Compromised appeared first on Cryptonews.