Step Finance has confirmed that multiple treasury and fee wallets were compromised through a sophisticated attack, resulting in the theft worth roughly USD 30 million.
Following the announcement, the breach sent shockwaves through the Solana ecosystem as blockchain security firm CertiK also flagged that the stolen SOL was withdrawn after stake authorisation had been transferred to an unknown wallet address.
In addition, the incident triggered immediate market panic, with the platform’s native STEP token plummeting over 90% within 24 hours.
Providing emergency response and damage control
According to the announcement, while the team insists user funds remained unaffected, several questions still swirl over whether the breach represents a genuine security failure or a disguised exit scam. This exists particularly given that the attacker appeared to have direct wallet access, rather than exploiting smart contract vulnerabilities.
Step Finance disclosed the security breach through a series of urgent social media posts, stating that several of its treasury and fee wallets were compromised by a sophisticated actor, as well as confirming the attack leveraged a well known attack vector. Following this announcement, the platform immediately activated emergency protocols and reached out to cybersecurity firms for the needed assistance.
Moreover, Solana Floor also reported that on-chain data showed the stolen 261,854 SOL was unstaked and moved during the incident, which suggested that the attacker had obtained authorisation to control staking operations. The team emphasised that it had notified the relevant authorities, implemented the immediate remediation steps needed to solve the emergency, as well as worked with security professionals around the clock.
The breach extended beyond Step Finance’s own operations, impacting several connected platforms, including Remora Markets. The latter assured users that, despite the incident, its assets remain held 1:1 in the brokerage account, while also constructing a process for handling redemptions.
Following the announcement, the market’s swift verdict on Step Finance came through brutal price action, with the STEP token losing most of its value as traders fled amid uncertainty about the platform’s future viability and the overall legitimacy of the breach.
